WBCE CMS v1.5.4 can implement getshell by modifying the upload file type.

Permalink

main

Switch branches/tags

**Name already in use**

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?

Go to file

*   Go to file

*   Copy path
*   Copy permalink

Cannot retrieve contributors at this time

1.15 MB

Download

*   Open with Desktop
*   Download
*   Delete file

Sorry, something went wrong. Reload?

Sorry, we cannot display this file.

Sorry, this file is invalid so it cannot be displayed.

CVE-2022-46020: Vulnerability/WBCE CMS v1.5.4 getshell.pdf at main · 10vexh/Vulnerability

As more and more users adopt new versions of Microsoft Office, it is likely that threat actors will turn away from VBA-based malicious documents to other formats such as XLLs or rely on exploiting newly discovered vulnerabilities to launch malicious code.

Threat Spotlight: XLLing in Excel - threat actors using malicious add-ins

pdftojson commit 94204bb was discovered to contain a stack overflow via the component Stream::makeFilter(char*, Stream*, Object*, int).

**pdftojson**

using XPDF, pdftojson extracts text from PDF files as JSON, including word bounding boxes.

**Compile**

On MacOS, you might need to specify libpng and libfreetype locations, e.g.

    ./configure --with-libpng-library=/usr/local/Cellar/libpng/1.6.16/lib/  --with-libpng-includes=/usr/local/Cellar/libpng/1.6.16/include/ --with-freetype2-library=/usr/local/lib/ --with-freetype2-includes=/usr/local/include/freetype2/
    

You will find pdftojson inside the directory xpdf/pdftojson

**Usage**

    pdftojson <input.pdf> <output.json>
    

**File format**

The JSON produced looks like: \[ { "pages":14, "number":1, "width":612, "height":792, "text":\[ \[115,162,41,14,0,"What "\], ... \] }, { "pages":14, "number":2, "width":612, "height":792, "text":\[ \[115,162,41,14,0,"Here "\], ... \] }, ... \];

For each page, the text array contains: \[top,left,width,height,0,text\]

CVE-2022-44109: GitHub - ldenoue/pdftojson: using XPDF, pdftojson extracts text from PDF files as JSON, including word bounding boxes.

A vulnerability, which was classified as problematic, was found in Click Studios Passwordstate and Passwordstate Browser Extension Chrome. Affected is an unknown function of the component URL Field Handler. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component. VDB-216246 is the identifier assigned to this vulnerability.

%PDF-1.7 %���� 1 0 obj <>/Metadata 2302 0 R/ViewerPreferences 2303 0 R>> endobj 2 0 obj <> endobj 3 0 obj <>/ExtGState<>/XObject<>/ProcSet\[/PDF/Text/ImageB/ImageC/ImageI\] >>/MediaBox\[ 0 0 594.96 842.04\] /Contents 4 0 R/Group<>/Tabs/S/StructParents 0>> endobj 4 0 obj <> stream x��Y�n#7��?�(0�ŝ�р6��XA0�Aq4��G9��S�EK�7����b7��z|�z$�d��{��~ڑ��d�ۭ����A�&��n�}�����k�<��\_�ֻ��\[����;\_u���6�iJf�9�{<2�Z.��U�pM��}3��y����V�Qrđ���� e3E-Y��ŇG\`����?�G(?�G\_o�gx-�Z�%����od��x�DG�B0� &\`�j~��!��O�U�ɧ�|��{�;�Z���rL���hW� 9ȉFN�>㠯CYu(9U��HZR�;'���%�ۨ>X�v�$0H̋�(���Ż�֠��5R�!Q#��x�~ �'�ۨ>j�v��#�7X���$���y5���#(�+��~N���X��8�T\]�@mV����� ㄩ&q�vW ' �z�K���U���jL ��e�/�4��&�/C�ٗ�^8���bzZ�O�A���;�8\\௚�q�����$�� ϠB�s�u�fP���QI�� ĚV�~��"����o��'�xP�\*!}�Z�~�״��"ے�5iv�/�:F{lδ�tԱ)L����v{��jf+�\\ne��Z��k���4����ٺ(��ۚM� $���d7 ��yE�&I���~~� �p� ���Od^#$�E��� �p\_��0$Fсhk}^���>djT| J���\\0ǆ��k�a֟�B���@��~�g��Dbe"I|iU�U�#���J�A�\_\\w�f'����3�H�˫�4�#�����|@��WX��;Pb5kap���|sɨ����R��u��+,�LAb�t����|�S�T������8���v�~���i圁��n����t� �E ha ��<Q��&C�xu LM����9�&�^\];7�����:����|�+I����� e\_E'�d�|�u�|uұ� ������Ǣu�n5���̑�C�6\]u�Z��QhNe?� :������RSy&K>/��^c.�a\\j��3��9�3�Y�N��<+}�Ϭ�K����Wc�OQ?���0p��Mk��>��)X+ 8d���@�O�:�Aw���&��qK����R��ѓ����u���,����?�,� endstream endobj 5 0 obj <> endobj 6 0 obj \[ 7 0 R\] endobj 7 0 obj <> endobj 8 0 obj <> endobj 9 0 obj <> endobj 10 0 obj <> endobj 11 0 obj <> endobj 12 0 obj <> endobj 13 0 obj <> endobj 14 0 obj <> endobj 15 0 obj \[ 16 0 R\] endobj 16 0 obj <> endobj 17 0 obj <> endobj 18 0 obj <> endobj 19 0 obj <> endobj 20 0 obj <> endobj 21 0 obj <> endobj 22 0 obj <> endobj 23 0 obj <> endobj 24 0 obj \[ 25 0 R\] endobj 25 0 obj <> endobj 26 0 obj <> endobj 27 0 obj <> endobj 28 0 obj <> endobj 29 0 obj <> endobj 30 0 obj <> endobj 31 0 obj <> endobj 32 0 obj <> endobj 33 0 obj \[ 34 0 R\] endobj 34 0 obj <> endobj 35 0 obj <> endobj 36 0 obj <> endobj 37 0 obj <> endobj 38 0 obj <> endobj 39 0 obj <> stream x�흽RI�%�h! �Ȇ�J���ȡ,2�,8��En�MH�8XR�9\\����;0w\`�k��O���鞞�ާ��0+�i�\_�s�g:��S�|~�P�\[,:Ή�Ү�ν�o~\]����C��\_��/W}��c��\[��ݝ��v�SI\_ !$�(��\\@7�!���� �����>(�k%�$��"�7 ����!8�t7B"g}���)~� hpQ�:� B�� l.W��E&��=$b���i�I�4\*qI���?��ofNmF�ʿ��KBH\*�IO��J��뇎��������}��1�j�J��CH�F>�%>\\y'$)"�o����+����;�ōB���xC�~�TBË����󢋾p�B�$ ���@+�b���K%�Ex�Y^��P��v5k���Rs� ����)|>jQ�X�!$",�R!�A���M��Pddp&�}��Ρ�b�Dx�I�ڌbK��:����B1d�r�?v���(J�>\[CK|�b�❻2��.��r�~\_��̹fBi I�Œ�>ұY o�A��1��=3����L� '3�3H���\[�X�b� '��3���0�!d,�A�<� �X�Q���<{��%�V�Ev��D��gp͕��Q5��G�������4~��u��Z ��=9�޼�\`&>7��G�3�8e�d��ꚕ�� >S�̔�I�e�;\_歌#�b7��챿��X1� �s���8�I7SPvH�x��}5C�$��4e�V�(;$3 ?ҽ��A�.�.�N�P���PvH60(�0�1F��������);$lKZ���\_�(��z�Y�

CVE-2022-3877

An unprotected memory-access operation in optee_os in TrustedFirmware Open Portable Trusted Execution Environment (OP-TEE) before 3.20 allows a physically proximate adversary to bypass signature verification and install malicious trusted applications via electromagnetic fault injections.

%PDF-1.5 %���� 595 0 obj << /Linearized 1 /L 1347555 /H \[ 2827 655 \] /O 599 /E 132222 /N 33 /T 1343713 >> endobj 596 0 obj << /Type /XRef /Length 126 /Filter /FlateDecode /DecodeParms << /Columns 5 /Predictor 12 >> /W \[ 1 3 1 \] /Index \[ 595 308 \] /Info 123 0 R /Root 597 0 R /Size 903 /Prev 1343714 /ID \[<74f6c007869f7607899eff177962a8df><627f210cb368e230a9c7f10ffb1b364c>\] >> stream x�cbd\`�g\`b\`\`8 "�6�H�F��f�H�� R�D���FW@$��4�,� �Y��B�N�@�1��6���l����mۻ����?�2�G�Q��$�܁w�(9�I��Q��$��- endstream endobj 597 0 obj << /Names 902 0 R /OpenAction 795 0 R /Outlines 721 0 R /PageMode /UseOutlines /Pages 720 0 R /Type /Catalog >> endobj 598 0 obj << /Filter /FlateDecode /S 560 /O 685 /Length 567 >> stream x�c\`\`\`b\`��f\`e\`\`� �\`6+�ɲ��H����A�A��I�����b� �� ���%4�E�=P���\`�(Ǩ�"r�E�I\[�\[��N��I�U���H/c�-���\`i���p�A~���e�=)o�n� NYu������B�yL^,�U"�u�ch�������끇y�J����X6�%�h)o�ω\[m�A��� 3�,/��==ѝ��E�\]��ٺ�l"�}�$��e^X(����(k���Q�0�h�r�;p�RܮI�D"'ٲ����N�:�ȈkS~:�%sӕ��u@�E���"<ӝ��\_I�#�2��y���H˪���Yo\\��f�l����)@��$��6kͶ7��KeL��e^\\u��Ѳ)7��R�\]�����7 c+�G�L��6�7��v�ɉ\[��vJ;P9�� �AH�H��X�����A��7�k�t�7�3�e��� ��aa�.���Z�>PojJ:����?J^�nBG&�\[+4|�YN\*���������޴�U��D��l���6L+Y���R%S6�/@3��o,��� endstream endobj 599 0 obj << /Contents 600 0 R /MediaBox \[ 0 0 612 792 \] /Parent 638 0 R /Resources 800 0 R /Type /Page >> endobj 600 0 obj << /Filter /FlateDecode /Length 2146 >> stream x��X\[w�~���#ݳd���$�=n�I\[{�s��!�5/ @����~3J���E3��CI����U��o��y�ց��Ty� TY�E��Rq֤�c�~k�~���u�%i�����^��2�l� �sS��ne�~o�~��㟃(\[���F����C�����h�^���N�n/�o����������\`��\]�ú�c�RTRŕj��J�|�t��zl�.�t1.� tE��ţ"�����:�׋�� �#mp�{@V�Ѽ ���E'�".� �����O��gi\\�e��݌�}ң��n���~���\`�������Ci���� O�q �L����1��y?t�y�ѿ+9-�2��6�St��5����B��.;8Z����1i�������}�uܔ%%ܩ����Ry��<�����;� Χ��T(�\*e\*�\*o�;�|^ �:'b���I������'J���qyx����';�� 3N:5�י�b�E���R���ĺ��Ȩ(-KdO��'���4 ��3Ҙ��<� x�5�M���oo ���Л����Y��\*d�D6m�r��,�S���sI��^;�H)U��;����4�\_��;�M��U�O�%����6ݴ8O�L��\\���;��"n�6$��$E��'{b���J���A�t\]˖V�Xt�H�jQ��4��F���h�X�렻�6��#�WBo��y�s�)��6���H ���F��{/W�����mu�p��"������z�JH�f�(�M�\*�q#�>\_E�\]�y����\_Ro��ng��.�p0��=��ش@��,2�\` �+���a���E�4>32���N��+�B3đ��GSH�d�Cg/��}y������H��'�k�����F�Hd5����{��|��: 6�,��7�{VP7\_�)����&\]%4�Wyϝ,v�2��N�VN���2p{�5 �����>����鞃�@��x���ߩ�%Q�����Ф�L���}��yh�|��X/�,p7�\*p������Qo������D�4��!���}��d70��X�S� 2Zp-���$Y���ZJ�m$��u��+���m�}����xy\*\[�c��R��h�k+��X�0��ܚ|�!!����kQ-��.�{M�k4tm�A��T�����vs��Mq���8l���.�\*u��^�@�����TѺ�V���!A0��ڽJҸ��c6wn?�C��yU��Qgѽ�"�:9��G�:

CVE-2022-47549

GossipSub 1.1, as used for Ethereum 2.0, allows a peer to maintain a positive score (and thus not be pruned from the network) even though it continuously misbehaves by never forwarding topic messages.

%PDF-1.5 %� 7 0 obj << /Type /XObject /Subtype /Form /BBox \[ 0 0 100 100 \] /Filter /FlateDecode /FormType 1 /Length 15 /Matrix \[ 1 0 0 1 0 0 \] /Resources 8 0 R >> stream x���P(����endstream endobj 9 0 obj << /Type /XObject /Subtype /Form /BBox \[ 0 0 100 100 \] /Filter /FlateDecode /FormType 1 /Length 15 /Matrix \[ 1 0 0 1 0 0 \] /Resources 10 0 R >> stream x���P(����endstream endobj 11 0 obj << /Type /XObject /Subtype /Form /BBox \[ 0 0 100 100 \] /Filter /FlateDecode /FormType 1 /Length 15 /Matrix \[ 1 0 0 1 0 0 \] /Resources 12 0 R >> stream x���P(����endstream endobj 17 0 obj << /Type /XObject /Subtype /Form /BBox \[ 0 0 100 100 \] /Filter /FlateDecode /FormType 1 /Length 15 /Matrix \[ 1 0 0 1 0 0 \] /Resources 18 0 R >> stream x���P(����endstream endobj 20 0 obj << /Type /XObject /Subtype /Form /BBox \[ 0 0 100 100 \] /Filter /FlateDecode /FormType 1 /Length 15 /Matrix \[ 1 0 0 1 0 0 \] /Resources 21 0 R >> stream x���P(����endstream endobj 23 0 obj << /Type /XObject /Subtype /Form /BBox \[ 0 0 100 100 \] /Filter /FlateDecode /FormType 1 /Length 15 /Matrix \[ 1 0 0 1 0 0 \] /Resources 24 0 R >> stream x���P(����endstream endobj 26 0 obj << /Type /XObject /Subtype /Form /BBox \[ 0 0 100 100 \] /Filter /FlateDecode /FormType 1 /Length 15 /Matrix \[ 1 0 0 1 0 0 \] /Resources 27 0 R >> stream x���P(����endstream endobj 158 0 obj << /Filter /FlateDecode /Length 4294 >> stream xڝZK��F���W�0vD�7���ȶ�����s�ѡV��@��C=��~���ZG�Ѝ��zf��oN��W����\_��\]E� �|x��c/��MJ�8O7������0�6��T�0�?4G\[��mˇ��~�?\[�Mm�׮��<��ەUi�����5\]W^�i��N�����s<��~�\\>~��&H/ ��\]���~(��=��sY�d��!�ȶ��l�&p�\]��^Ǜ\]�{{��M���v���� ��ʸ<�d^��<4ɽp�o"/Or�o�O��&�y�,���K��׎?6m���m\[�B���gۂo\]ٿ��vA�e�����z�O�� ���m�������p� ��7!�\]�8d�#�~W������V+��b���x�}�%y��I�u��M}� y�?>c�y���?��ʂ?���ʦ\[9X���.�uy{{/O�?q\*:L���C\]iW+�Ϋ��z?��$��䛶���6�Џeov�4�i��������C/���5��^Mjb����U-���nr�N��~X�R�wg~s�����|$���󣀦!�lb-�$����k� ��}���4�!ʶ���1�آ�\\��,L\_��uh^�W&��o��,\]��#Y�Sm�҂�·h����h���\]��B{4Xܺ�( ��8��&�^q�max �

CVE-2022-47547

Open redirect vulnerability in DENSHI NYUSATSU CORE SYSTEM v6 R4 and earlier allows a remote unauthenticated attacker to redirect a user to an arbitrary web site and conduct a phishing attack by having a user to access a specially crafted URL.

%PDF-1.6 %���� 53 0 obj <> endobj 63 0 obj <>/Filter/FlateDecode/ID\[\]/Index\[53 19\]/Info 52 0 R/Length 73/Prev 164226/Root 54 0 R/Size 72/Type/XRef/W\[1 3 1\]>>stream h�bbd\`\`\`b\`\`���} ���d�l��7�$#��e �� H��6�� h��.F��%��� endstream endobj startxref 0 %%EOF 71 0 obj <>stream h�b\`\`�\`\`\`�b�����Y8��8����� �Lv��ᇅw��K ��r| ��?���005�@D�1�z endstream endobj 54 0 obj <>/Metadata 2 0 R/PageLayout/OneColumn/Pages 51 0 R/StructTreeRoot 6 0 R/Type/Catalog>> endobj 55 0 obj <>>>/Rotate 0/StructParents 0/Tabs/S/Type/Page>> endobj 56 0 obj <>stream h��Rۊ�0���AaJ�,˲�!��ư�B�6\]B���8��h~��d'�KIS�C�-͙9�s�Q��0>���@�}E@�AB�!"nn�g� -U�I2��4�.��\\�F:��|\]�;�ǶfPo��#}�F�8����шWS!󭁐4-��3M ���ФTf8,��zƸ��N�oڭ���dq��������n{)A �7<�b�w���t�|z�?H�ٖ=�}\_p�R���lѬ�;^4W�V�%�r3Py!�Ԉ�W;$�8T��:�ZV�����h������A.���j�2Q�%0��&/ʻd��+t6/����sЕ��'���Rp�ȋ�8^Y�-n�7�Z32n'ia��Gq�6ef�?K�Mϴ� �E�EI�pS�J��e�f�O����v?�M������C\]J5P�<�'R�f��|���j��#��'�^4�^�Aޚa�2��W�q C@ ��r��k����sa��Ţ�\]���v�s�(X��/הl� endstream endobj 57 0 obj <>stream H��Wۊ7}���e�0r�.�0���C�Ƀ !�b�I���T�u����8���\[�R�.����������e�Mπ��m߱��N�L�˻�

CVE-2022-46288

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Dec. 9 and Dec. 16. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key

Threat Round up for December 9 to December 16

The U.S. National Institute of Standards and Technology (NIST), an agency within the Department of Commerce, announced Thursday that it's formally retiring the SHA-1 cryptographic algorithm.
SHA-1, short for Secure Hash Algorithm 1, is a 27-year-old hash function used in cryptography and has since been deemed broken owing to the risk of collision attacks.
While hashes are designed to be

Encryption / Data Security

The U.S. National Institute of Standards and Technology (NIST), an agency within the Department of Commerce, announced Thursday that it's formally retiring the SHA-1 cryptographic algorithm.

SHA-1, short for Secure Hash Algorithm 1, is a 27-year-old hash function used in cryptography and has since been deemed broken owing to the risk of collision attacks.

While hashes are designed to be irreversible – meaning it should be impossible to reconstruct the original message from the fixed-length enciphered text – the lack of collision resistance in SHA-1 made it possible to generate the same hash value for two different inputs.

In February 2017, a group of researchers from CWI Amsterdam and Google disclosed the first practical technique for crafting collisions on SHA-1, effectively undermining the security of the algorithm.

"For example, by crafting the two colliding PDF files as two rental agreements with different rent, it is possible to trick someone to create a valid signature for a high-rent contract by having him or her sign a low-rent contract," the researchers said at the time.

The cryptanalytic attacks on SHA-1 prompted NIST in 2015 to mandate federal agencies in the U.S. to stop using the algorithm for generating digital signatures, timestamps, and other applications that require collision resistance.

According to NIST's Cryptographic Algorithm Validation Program (CAVP), which curates a list of approved cryptographic algorithms, there are 2,272 libraries that have been accredited since January 2018 and still support SHA-1.

Besides urging users to rely on the algorithm to migrate to SHA-2 or SHA-3 for securing electronic information, NIST is also recommending for SHA-1 be entirely phased out by December 31, 2030.

"Modules that still use SHA-1 after 2030 will not be permitted for purchase by the federal government," NIST computer scientist Chris Celi said. "Companies have eight years to submit updated modules that no longer use SHA-1."

Found this article interesting? Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

Goodbye SHA-1: NIST Retires 27-Year-Old Widely Used Cryptographic Algorithm

By Habiba Rashid
The TGP telecom giant based in North Ryde, Australia revealed that up to 15,000 iiNet and Westnet business customers have been impacted by the breach.
This is a post from HackRead.com Read the original post: Hackers Breach TPG Telecoms’ Email Host to Steal Client Data

TPG Telecom claims that the hackers seemed to be searching for the customers’ cryptocurrency and financial information.

On 14th December, 2022, Australia’s second-largest telecommunications company, TPG Telecom, announced that an email-hosting service used by 15,000 iiNet and Westnet business customers was compromised.

It is worth noting that iiNet is an Australian internet service provider (ISP) acquired by TPG in September 2015 for $1.56 billion, while Westnet is a telecom company also owned by TPG.

TPG’s cybersecurity adviser, **Google-owned Mandiant**, informed the company that they found evidence suggesting unauthorized access to a Hosted Exchange Service during a forensic review. 

The company reported that the hackers seemed to be searching for the customers’ cryptocurrency and financial information. Further details were not given but an investigation into the attack continues. 

In a **notification** (PDF), TPG Telecom said that, “We apologize unreservedly to the affected iiNet and Westnet Hosted Exchange business customers. We continue to investigate the incident and any potential impact on customers and are advising customers to take necessary precautions.”

TPG stated that it has taken steps to cut off the access for the hacker. They also confirmed that no home or personal iiNet or Westnet products were impacted in the incident. 

This news comes just days after TPG’s biggest rival Telstra **published** details of 130,000 customers due to a “misalignment of databases”. 

It is worth mentioning that **in May 2021**, Telstra was also a victim of the Avaddon ransomware gang, who gained access to tens of thousands of the company’s SIM cards.

Sample data leaked by Avaddon hackers on their website (Image credit: Hackread.com)

Australian companies have recently become a hotspot for threat actors to target due to some initial attacks on companies such as Singtel-owned **Optus**, **Medibank** and a second Singtel subsidiary which made it apparent that Australian firms had no adequate security system in place. 

Seeing an onslaught of cyber attacks targeting Australian entities, the country proposed tougher penalties for companies that failed to properly protect their customers’ data.

**MORE TELECOM SECURITY NEWS**

1.  **Hacker extracts Canadian Telecom Firm’s data after rebuttal**
2.  **Spanish telecom firm MasMovil hit by Revil ransomware gang**
3.  **Telecom giant behind routing SMS discloses years-long breach**
4.  **Police arrest minor over A1 Telecom data breach, ransom demand**

I’m a student and cybersecurity writer. On a random Sunday, I am likely to be figuring out life and reading Kafka.

Tag

#pdf