A vulnerability classified as critical was found in DedeCMS 5.7.110. This vulnerability affects unknown code of the file /uploads/tags.php. The manipulation of the argument tag_alias leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-238636.

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?

CVE-2023-4747: GitHub - laoquanshi/cve: Dedecms SQL Injection

A vulnerability, which was classified as critical, has been found in Beijing Baichuo Smart S85F Management Platform up to 20230820 on Smart. Affected by this issue is some unknown functionality of the file /sysmanage/updateos.php. The manipulation of the argument 1_file_upload leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-238628. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

*   *   Actions
        
        Automate any workflow
        
    *   Packages
        
        Host and manage packages
        
    *   Security
        
        Find and fix vulnerabilities
        
    *   Codespaces
        
        Instant dev environments
        
    *   Copilot
        
        Write better code with AI
        
    *   Code review
        
        Manage code changes
        
    *   Issues
        
        Plan and track work
        
    *   Discussions
        
        Collaborate outside of code
        
    

*   *   GitHub Sponsors
        
        Fund open source developers
        
    
    *   The ReadME Project
        
        GitHub community articles
        
    
*   Pricing

**Search code, repositories, users, issues, pull requests...**

**Provide feedback**

**Saved searches****Use saved searches to filter your results more quickly**

Sign up

CVE-2023-4739: cve/upload_file.md at main · Meizhi-hua/cve

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1331.

CVE-2023-4751

If you want the highest possible level of protection, this is it.

There's a constant battle going on between software developers trying to keep their apps and platforms secure, and hackers and malware writers eager to break through those digital defenses. In its quest to offer a more secure and private suite of web apps, security-focused service provider Proton is rolling out a new feature called Proton Sentinel.

If you're new to Proton, the Switzerland-based company offers email, VPN, cloud storage, and various other digital services, with a clear emphasis on security and privacy. It's a bit like Google without the tracking or the ads, and the newly unveiled Proton Sentinel is a “high-security program” for keeping users and their data safe.

It's worth emphasizing that Proton accounts already come with a bunch of security features and protections to keep out bad actors. There's end-to-end, zero-access encryption for user data, there's two-factor authentication to help you prove you are who you say you are when you log in, there's a custom-built spam filtering system, there are real-time notifications of logins, and more.

However, Sentinel goes further. Proton describes the additional feature as offering more protection than most people will need, aimed at “users who need the most security”: Journalists, government officials, religious leaders, and leaders of international peace organizations are mentioned as some of those who are particularly at risk from hacking attempts.

You can enable Sentinel from inside your Proton account.

Proton via David Nield

"Accounts such as these have a high risk of being attacked by criminals or state-backed hackers," writes Proton's Dingchao Lu. “We are now ready to provide the same level of advanced protection and support that we reserved for these VIPs to any Proton user that wants it through the Proton Sentinel program.”

You don't have to fall into one of those categories to use Proton Sentinel, but you do have to be a paying Proton user: a Visionary, Lifetime, Family, Unlimited, or Business plan is required, and you can see details of all the plans here.

A lot of the work that Proton Sentinel does goes on behind the scenes, and you'll find that Proton itself doesn't go into too much detail about how it functions—which is sensible if you want to minimize the chances of someone else getting around it.

The advanced security protection it offers includes strict challenges for “suspicious” login attempts, typically those from devices that you don't normally use and parts of the world that you're not normally in. You might find yourself asked to confirm more of your logins to Proton services with Sentinel enabled, but it's worth it for the extra peace of mind.

Proton says that suspicious logins are flagged by automated systems and then escalated to human security analysts, around the clock. Any support requests you file related to account security will also get escalated to trained security specialists, meaning that if there is a security problem, it's going to be dealt with more quickly.

Related to this stricter policy on logins, Proton Sentinel also gives you access to detailed security logs inside your account, listing attempts to log in using your credentials, as well as other key actions you need to be aware of (such as password changes.)

More detailed security logs are available with Proton Sentinel.

Proton via David Nield

If you're on board with Proton Sentinel and everything that it offers, log into your Proton account on the web. Click the **settings** cogwheel, then **Go to settings**, and then **Security and privacy**: At the top of the screen there should be an **Enable Proton Sentinel** toggle switch that you can turn on. That's all there is to it: You're now protected.

Farther down the same screen is the security logs panel: Turn on both **Enable authentication logs** and **Enable advanced logs** to get all of the information possible about when and where your account is being used. All successful and unsuccessful login attempts are listed here, since the very first day you opened your Proton account—and if security actions were taken on a login attempt, this will be recorded next to it.

If you see something you don't recognize, you can click the **Revoke** button next to an existing session: The device in question will be remotely logged out, and a fresh sign-in will be required to use Proton's apps on that device. It's better to err on the side of caution here, and log out from any sessions that you don't immediately recognize. If you do notice anything suspicious, you should contact Proton Support too.

Proton Sentinel is simple to set up, takes very little effort to maintain, and keeps your Proton account as well protected as possible—so it makes a lot of sense to enable the feature. Like the Enhanced Safety Mode that Google offers as part of Chrome's feature set, Sentinel goes above and beyond the norms to make sure that there's no unauthorized access to your account.

How to Use Proton Sentinel to Keep Your Accounts Safe

Proof-of-concept (PoC) exploit code has been made available for a recently disclosed and patched critical flaw impacting VMware Aria Operations for Networks (formerly vRealize Network Insight).
The flaw, tracked as CVE-2023-34039, is rated 9.8 out of a maximum of 10 for severity and has been described as a case of authentication bypass due to a lack of unique cryptographic key generation.
“A

Network Security / Vulnerability

Proof-of-concept (PoC) exploit code has been made available for a recently disclosed and patched critical flaw impacting VMware Aria Operations for Networks (formerly vRealize Network Insight).

The flaw, tracked as CVE-2023-34039, is rated 9.8 out of a maximum of 10 for severity and has been described as a case of authentication bypass due to a lack of unique cryptographic key generation.

"A malicious actor with network access to Aria Operations for Networks could bypass SSH authentication to gain access to the Aria Operations for Networks CLI," VMware said earlier this week.

Summoning Team's Sina Kheirkhah, who published the PoC following an analyzing the patch by VMware, said the root cause can be traced back to a bash script containing a method named refresh\_ssh\_keys(), which is responsible for overwriting the current SSH keys for the support and ubuntu users in the authorized\_keys file.

"There is SSH authentication in place; however, VMware forgot to regenerate the keys," Kheirkhah said. "VMware's Aria Operations for Networks had hard-coded its keys from version 6.0 to 6.10."

VMware's latest fixes also address CVE-2023-20890, an arbitrary file write vulnerability impacting Aria Operations for Networks that could be abused by an adversary with administrative access to write files to arbitrary locations and achieve remote code execution.

In other words, a threat actor could leverage the PoC to obtain admin access to the device and exploit CVE-2023-20890 to run arbitrary payloads, making it crucial that users apply the updates to secure against potential threats.

The release of the PoC coincides with the virtualization technology giant issuing fixes for an high-severity SAML token signature bypass flaw (CVE-2023-20900, CVSS score: 7.5) across several Windows and Linux versions of VMware Tools.

"A malicious actor with man-in-the-middle (MITM) network positioning in the virtual machine network may be able to bypass SAML token signature verification, to perform VMware Tools Guest Operations," the company said in an advisory released Thursday.

Peter Stöckli of GitHub Security Lab has been credited with reporting the flaw, which affects the following versions -

*   VMware Tools for Windows (12.x.x, 11.x.x, 10.3.x) - Fixed in 12.3.0
*   VMware Tools for Linux (10.3.x) - Fixed in 10.3.26
*   Open-source implementation of VMware Tools for Linux or open-vm-tools (12.x.x, 11.x.x, 10.3.x) - Fixed in 12.3.0 (to be distributed by Linux vendors)

The development also comes as Fortinet FortiGuard Labs warned of continued exploitation of Adobe ColdFusion Vulnerabilities by threat actors to deploy cryptocurrency miners and hybrid bots such as Satan DDoS (aka Lucifer) and RudeMiner (aka SpreadMiner) that are capable of carrying out cryptojacking and distributed denial-of-service (DDoS) attacks.

Also deployed is a backdoor named BillGates (aka Setag), which is known for hijacking systems, stealing sensitive information, and initiating DDoS attacks.

Found this article interesting? Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

PoC Exploit Released for Critical VMware Aria's SSH Auth Bypass Vulnerability

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1848.

Expand Up @@ -6,7 +6,7 @@ CheckScreendump  
func Test\_crash1() " The following used to crash Vim let opts \= #{wait\_for\_ruler: 0} let opts \= #{wait\_for\_ruler: 0, rows: 20} let args \= ' -u NONE -i NONE -n -e -s -S ' let buf \= RunVimInTerminal(args .. ' crash/poc\_huaf1', opts) call VerifyScreenDump(buf, 'Test\_crash\_01', {}) Expand All @@ -22,4 +22,13 @@ func Test\_crash1()  
endfunc  
func Test\_crash2() " The following used to crash Vim let opts \= #{wait\_for\_ruler: 0, rows: 20} let args \= ' -u NONE -i NONE -n -e -s -S ' let buf \= RunVimInTerminal(args .. ' crash/vim\_regsub\_both', opts) call VerifyScreenDump(buf, 'Test\_crash\_01', {}) exe buf .. "bw!" endfunc  
" vim: shiftwidth\=2 sts\=2 expandtab

CVE-2023-4738: patch 9.0.1848: [security] buffer-overflow in vim_regsub_both() · vim/vim@ced2c73

Untrusted Search Path in GitHub repository vim/vim prior to 9.0.1833.

**Commit**

Permalink

Browse files

Browse the repository at this point in the history

patch 9.0.1833: \[security\] runtime file fixes

Problem:  runtime files may execute code in current dir
Solution: only execute, if not run from current directory

The perl, zig and ruby filetype plugins and the zip and gzip autoload
plugins may try to load malicious executable files from the current
working directory.  This is especially a problem on windows, where the
current directory is implicitly in your $PATH and windows may even run a
file with the extension \`.bat\` because of $PATHEXT.

So make sure that we are not trying to execute a file from the current
directory. If this would be the case, error out (for the zip and gzip)
plugins or silently do not run those commands (for the ftplugins).

This assumes, that only the current working directory is bad. For all
other directories, it is assumed that those directories were
intentionally set to the $PATH by the user.

Signed-off-by: Christian Brabandt <cb@256bit.org>

*   Loading branch information

CVE-2023-4736: patch 9.0.1833: [security] runtime file fixes · vim/vim@816fbcc

Out-of-bounds Write in GitHub repository vim/vim prior to 9.0.1847.

CVE-2023-4735

Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.1846.

Skip to content

*   *   Actions
        
        Automate any workflow
        
    *   Packages
        
        Host and manage packages
        
    *   Security
        
        Find and fix vulnerabilities
        
    *   Codespaces
        
        Instant dev environments
        
    *   Copilot
        
        Write better code with AI
        
    *   Code review
        
        Manage code changes
        
    *   Issues
        
        Plan and track work
        
    *   Discussions
        
        Collaborate outside of code
        
    

*   *   GitHub Sponsors
        
        Fund open source developers
        
    
    *   The ReadME Project
        
        GitHub community articles
        
    
*   Pricing

**Search code, repositories, users, issues, pull requests...**

**Provide feedback**

**Saved searches****Use saved searches to filter your results more quickly**

Sign up

*   Notifications
*   Fork 5k

*   Code
*   Issues 1.3k
*   Pull requests 152
*   Discussions
*   Actions
*   Projects
*   Wiki
*   Security
*   Insights

**Commit**

Permalink

Browse files

Browse the repository at this point in the history

patch 9.0.1846: \[security\] crash in fullcommand

Problem:  crash in fullcommand
Solution: Check for typeval correctly

Signed-off-by: Christian Brabandt <cb@256bit.org>

*   Loading branch information

Showing **3 changed files** with **8 additions** and **1 deletion**.

*   *   ex\_docmd.c
    *   *   test\_functions.vim
    *   version.c

2 changes: 1 addition & 1 deletion src/ex\_docmd.c

Expand Up

@@ -4087,7 +4087,7 @@ f\_fullcommand(typval\_T \*argvars, typval\_T \*rettv)

|| check\_for\_opt\_bool\_arg(argvars, 1) \== FAIL))

return;

  

name \= argvars\[0\].vval.v\_string;

name \= tv\_get\_string(&argvars\[0\]);

if (name \== NULL)

return;

  

Expand Down

5 changes: 5 additions & 0 deletions src/testdir/test\_functions.vim

Expand Up

@@ -3607,4 +3607,9 @@ func Test\_string\_reverse()

let &encoding \= save\_enc

endfunc

  

func Test\_fullcommand()

" this used to crash vim

call assert\_equal('', fullcommand(10))

endfunc

  

" vim: shiftwidth\=2 sts\=2 expandtab

2 changes: 2 additions & 0 deletions src/version.c

Expand Up

@@ -699,6 +699,8 @@ static char \*(features\[\]) =

  

static int included\_patches\[\] \=

{ /\* Add new patch number below this line \*/

/\*\*/

1846,

/\*\*/

1845,

/\*\*/

Expand Down

**0 comments on commit 4c6fe2e**

Please sign in to comment.

CVE-2023-4734: patch 9.0.1846: [security] crash in fullcommand · vim/vim@4c6fe2e

By Deeba Ahmed
Smishing Triad Impersonating Leading Mail/Delivery Services in New Attack
This is a post from HackRead.com Read the original post: Chinese Smishing Triad Gang Hits US Users in Extensive Cybercrime Attack

Triad cleverly impersonates postal/delivery services like Royal Mail or USPS to trap unsuspecting US citizens in its newly detected smishing campaign.

Cybersecurity rsearcgers at Resecurity have published an advisory about the newly discovered large-scale smishing campaign from the Chinese-speaking cybercrime group Smishing Triad targeting US-based users through impersonating popular mail and delivery services.

According to Resecurity, Smishing Triad originates from China and uses smishing attacks as its primary attack vector. Researchers found that Smishing Triad has affiliations with several different cybercrime groups and that the group offers cybercrime-as-a-service infrastructure with its Smishing kit subscription starting at $200/month. Subscribers receive activation codes and deployment scripts with different frameworks.

“It is complicated to disrupt cyber-criminal activity committed by actors located in foreign jurisdictions like China without proper regulatory harmonization and mutual legal assistance abroad. Resecurity is thus sharing information about the ‘Smishing Triad’ with the cybersecurity community and general public to raise awareness to help organizations better safeguard their customers,” the advisory read.

**What is a Smishing Attack?**

Smishing (aka SMS Phishing), scammers exploit SMS or text message features and services to trap unsuspecting users into revealing sensitive personal and financial details, including passwords, banking credentials, and debit/credit card numbers, and lure them into downloading malicious software.

Threat actors mimic some credible government or private entity for instance, postal services, government institutions, or banks for creating a sense of legitimacy around these messages. 

**How Does the Attack Occur?**

The group generally exploits iMessage service for sending package-tracking scams, and steals PII (personally identifiable information) and financial data (such as payment card details or banking credentials) to conduct credit card fraud and identity theft.

This time, Smishing Triad has changed its strategy slightly and exploits messages from compromised Apple iCloud accounts to trick users. Its smishing kit is also up for sale on Telegram IM groups to create an extensive and well-organized fraud-as-a-service network.

Resecurity threat intelligence team accessed and reverse-engineered one such kit and discovered an SQL injection vulnerability through which they could retrieve sensitive data of more than 108,000 victims and warned them about the likelihood of identity theft.

**Who are the Targets?**

In this campaign, Smishing Triad is targeting US citizens. The group impersonates most leading postal and delivery services to trick users, including the following:

*   USPS
*   Correos (Spain)
*   New Zealand Post
*   The Royal Mail (UK)
*   Postnord (Sweden)
*   Poczta Polska (Poland)
*   J&T Express (Indonesia)
*   New Zealand Postal Service (NZPOST)
*   Poste Italiane and the Italian Revenue Service (Agenzia delle Entrate)

The victim receives a message from any of these services requesting additional information or payment of delivery fees through a credit card. After obtaining the desired information, the attackers can commit financial fraud.

Phished text – What happens when the phishing link is clicked (Rsecurity)

In its earlier campaigns, the group targeted users from diverse regions such as the UK, Poland, Japan, Indonesia, Sweden, and Italy.

**Protection from Smishing Attacks**

Protecting yourself from smishing (SMS phishing) is important for safeguarding your personal information and financial security. Here are five points to help you stay safe from smishing:

*   **Verify the Sender**: Always verify the sender’s identity before responding to any SMS messages, especially those that ask for personal or financial information. Legitimate organizations usually include their name and contact information in their messages.
*   **Don’t Click on Links**: Avoid clicking on links or downloading attachments in text messages, especially if you didn’t expect to receive such a message. These links may lead to malicious websites or install malware on your device.
*   **Be Cautious with Personal Information**: Never share personal or financial information via text messages, such as Social Security numbers, credit card details, or login credentials. Legitimate organizations will not ask for such sensitive data through SMS.
*   **Use Trusted Sources**: If you receive an SMS claiming to be from a bank, government agency, or other official institution, don’t trust it blindly. Instead, contact the organization directly using a trusted phone number or website to verify the message’s authenticity.
*   **Install Security Software**: Use reputable antivirus and anti-malware software on your mobile device. These tools can help detect and block malicious SMS messages and links.

Additionally, keeping your phone’s operating system and apps up-to-date, using strong and unique passwords for your accounts, and enabling two-factor authentication wherever possible can further enhance your protection against smishing and other cyber threats.

Tag

#git