By Waqas
Yet another day, yet another threat actor posing a danger to the cybersecurity of companies globally.
This is a post from HackRead.com Read the original post: New Hacker Group GambleForce Hacks Targets with Open Source Tools

Cybersecurity researchers at Singapore-based Group-IB have unmasked EagleStrike, a subgroup of the GambleForce hacker group. They are opportunistic hackers exploiting simple vulnerabilities.

In September 2023, Group-IB’s Threat Intelligence unit discovered a command and control server hosting publicly available open-source **pentesting tools**, none being custom-made, designed for SQL injections.

The attacker was identified as “GambleForce,” who had targeted 24 organizations in government, gambling, retail, travel, and job-seeking sectors across 8 countries between September and December 2023, successfully compromising 6 websites in Australia, Indonesia, the Philippines, and South Korea. The group has also targeted websites in China, India, and Thailand.

The group uses basic yet effective techniques like SQL injections. It exploits vulnerable website content management systems (CMS) to extract user databases containing logins, hashed passwords, and tables from accessible databases.

GambleForce is not selective in its targets but collects hashed and plain text credentials. This suggests a broader motive beyond targeted attacks, possibly amassing data for future exploits or selling on the **dark web**.

The threat actors aim to exfiltrate any available information within targeted databases, such as hashed and plain text user credentials. The group’s actions with the stolen data remain unknown.

In an attack targeting Brazil, GambleForce exploited **CVE-2023-23752**, a vulnerability in the Joomla CMS, and snatched data directly from contact form submissions, showcasing their adaptability and willingness to improvise.

Further probing revealed that GambleForce uses open-source tools like dirsearch, redis-rogue-getshell, and **Tinyproxy** for directory brute-forcing, web traffic intercepting, and SQL injections to exploit vulnerabilities in database servers. Their preferred tool is sqlmap, a pentesting tool that exploits SQL injection vulnerabilities. 

Researchers also found **Cobalt Strike**, a popular pen-testing framework, on their server, showcasing commands in Chinese. It is worth noting that recently Chinese scammers have wreaked havoc by creating cloned versions of legitimate websites and redirecting visitors to gambling sites. 

In November 2023, **Hackread.com reported** about the activities of Chinese hackers in which MindaNews, a Philippine newspaper, discovered a Chinese clone of its website (mmart-inn.com) that has been illegally replicating the newspaper’s content for two years, with the most recent translation being from February 2023.

In its **blog post**, Group-IB’s Threat Intelligence wrote that its researchers shared the recent findings with its 24/7 Computer Emergency Response Team (CERT-GIB), which took down the cybercriminals’ C2 server. GambleForce is likely to regroup/rebuild its infrastructure before launching new attacks.

Nevertheless, the case goes on to show that even the most basic security gaps can have significant consequences, underscoring the need for a layered defence strategy that prioritizes patching known vulnerabilities and implementing vital security controls.

****_RELATED ARTICLES_****

1.  **Domain Squatting and Brand Hijacking: A Silent Threat**
2.  **Chinese APT Posing as Cloud Services to Spy on Cambodia**
3.  **Chinese APT spying on Vietnam military with FoundCore RAT**
4.  **Hackers attack Casino’s fish tank thermometer to obtain data**
5.  **ChatGPT Clone Apps Collecting Personal Data on iOS, Play Store**

New Hacker Group GambleForce Hacks Targets with Open Source Tools

Everyone's New Year's Resolution should be to stop using passwords altogether.

Thursday, December 14, 2023 14:00

As you’ve probably seen by now, Talos released our 2023 Year in Review report last week. It’s an extremely comprehensive look at the top threats, attacker trends and malware families from the past year with never-before-seen Cisco Talos telemetry. 

We have podcasts, long-form videos and even Reddit AMAs to keep you covered and make it easy to digest our major takeaways from the report. Or, just kick back with a cup of coffee and read the full report — your choice! 

With this being the last Threat Source newsletter of the calendar year, I figured I’d do a Year in Review of my own. I don’t have the data or first-hand research to back any of these statements up, this is purely just _vibes_\-based or things I’ve discovered about myself and my cybersecurity habits over the past year, so while you may not be able to deploy any of these things on your firewall, I hope they serve as good advice to anyone thinking about the security landscape heading into the new year. 

*   **Do as I say, not as I do.** Before my daughter was born, I wrote in this newsletter about how I was skeptical about posting her face online and entering her personal data into various platforms while she’s so young and unable to even understand what a phone is. As soon as she was old enough to smile, I folded quickly. I’ll admit that I’ve posted her face all over Instagram, supplied her information to Gerber to enter her into the annual Gerber Baby competition (she came up short behind Maddie, apparently) and given personal information to who knows what sites while I was randomly trying to get answers to my first-time parent questions at 2 a.m. when she was getting her first tooth. None of these things are particularly smart in the long run, but as an unbiased observer, I can confidently say her cuteness on the internet only makes it a better place. 
*   **Just assume your passwords are going to get out there.** Several major password management services were hit with data breaches this year. And there were countless headlines about how brute-forcing password guesses led to others. The basic idea of a password manager is that your login information is inherently safer than just using the same password repeatedly, writing them down on a physical sheet of paper, or just hoping you remember each time you log in. At this point, I think it’s just safe to say that passwords are not your safest option. Passkeys and a passwordless approach to security are becoming increasingly popular, so where you can enroll in that, do it. Or if a traditional username and password combination is your only option, change that password as often as you can and make sure you have multi-factor authentication enabled to whatever password management service you use.  
*   **It’s time to get off Twitter.** Or X, whatever you want to call it. This platform has fully jumped the shark at this point and is rife with misinformation. The company has completely torn down any internal teams it has dedicated to fighting fake news or scams and searching for literally anything will surface misleading information, outright lies or offensive content. I miss the days when I could go to Twitter and search for a topic to get updates on a particular news item. I’m writing this on Dec. 13, and in the “Trending” sidebar on Twitter, I saw that “#cyberattack” was trending. Naturally, I wanted to see if there was an event going on I should be aware of, for obvious reasons. Instead, my results in the “Top” section included some word salad about the Bank of England targeting its own country’s critical infrastructure, a nonsensical clip from commentator Dan Bongino about woke leftists showing a cyber pandemic in a new movie, and a shocking amount of conspiracy theories about said new movie “Leave the World Behind.” It reminds me of the Michael Bluth line from “Arrested Development” when he grabs the bag out of the fridge that says, “Dead Dove DO NOT EAT.” 
*   **Don’t ever assume a threat is gone forever.** Over the past year, many major threat actors and malware operators that were once thought removed showed they could find a way back. The story of the FBI’s takedown of the Qakbot botnet was a major headline in August, and anyone who read the basic coverage would have thought, “Cool, don’t need to worry about those guys anymore!” However, subsequent research from Talos and other security firms found that remnants of Qakbot are still around, specifically services dedicated to sending spam. Trickbot, a major threat actor known for big game hunting, recently switched up its tactics and is actively targeting organizations in Ukraine, despite its developer being arrested and pleading guilty to several U.S. federal charges. And Emotet, which is known for its various stops-and-starts, is relatively quiet right now but was briefly active again earlier this year. This is not to say that these law enforcement server takedowns and arrests aren’t working — anything we can do to make the bad guys’ lives harder is a win in the end — but it’s continued proof that we can never really count any threat out.  

**The one big thing **

Cisco Talos recently discovered a new campaign conducted by the Lazarus Group we’re calling “Operation Blacksmith,” employing at least three new DLang-based malware families, two of which are remote access trojans (RATs), where one of these uses Telegram bots and channels as a medium of command and control (C2) communications. Our latest findings indicate a definitive shift in the tactics of the infamous North Korean state-sponsored actor. 

**Why do I care? **

This particular activity can be attributed to Andariel, a spinoff of the Lazarus Group. They’re actively exploiting the Log4shell vulnerability in Log4j, which is virtually everywhere. The hope is that most people have patched since the ubiquitous vulnerability was discovered in late 2021, but telemetry indicates there are many vulnerable instances still out there. Once infected, Andariel looks to install other malware loaders on the targeted machines and executes remote code that allows them to learn about the details of the system.  

**So now what? **

Talos’ blog outlines the numerous ways Cisco Secure products have protections in place to defend against Operation Blacksmith and other activities from Lazarus Group. 

**Top security headlines of the week **

**Hundreds of Windows and Linux devices from a range of manufacturers are vulnerable to a newly discovered attack called “LogoFAIL.”** The attack involves an adversary executing malicious firmware during the machines’ boot-up sequences, which means it’s difficult for traditional detection methods to block, or for users to even notice that it’s happening. The researchers who discovered this exploit wrote in their full paper that, once the attacker uses LogoFAIL to execute remote code during the Driver Execution Environment phase, it’s “game over for platform security.” Although there is no indication this type of attack has been used in the wild, it is being tracked through several CVEs. Potentially affected users should update to the latest version of UEFI by updating their firmware, including new patches from AMI, Intel, Insyde, Phoenix and Lenovo. Users can also lock down their machine’s EFI System Partition (ESP) so adversaries can’t access it, which is necessary to carry out LogoFAIL. (ArsTechnica, ZDNet) 

**The U.K. publicly charges Russia’s intelligence agency, the FSB, of a yearslong cyber espionage campaign targeting British government officials and other high-profile public citizens.** The U.K. Foreign Office said the FSB conducted "sustained unsuccessful attempts to interfere in U.K. political processes” over several years, including stealing information relating to the country’s national elections in 2019. The alleged campaigns involved trying to breach emails belonging to politicians, journalists, activists and academics, and fake social media profiles set up to impersonate the target’s contacts. One MP in British parliament said their emails had been stolen. Several individuals belonging to a group known as Star Blizzard have been sanctioned for their connections to these activities. (BBC, Politico) 

**Several major hardware and software vendors released their last patches of the calendar year this week.** Microsoft disclosed four critical vulnerabilities as part of its regular Patch Tuesday, three of which could lead to remote code execution. However, the total number of vulnerabilities included in December’s Patch Tuesday, 33, was the lowest in a single month since December 2019. Meanwhile on Monday, Apple released patches for its major pieces of hardware, disclosing security issues in iPhones, Macs and more. One of the vulnerabilities in macOS, CVE-2023-42914, is a kernel issue with the potential to allow apps to break out of their sandboxes. Additionally, the U.S. Cybersecurity and Infrastructure Security Agency released an advisory that attackers are actively exploiting a vulnerability in Adobe ColdFusion, which potentially poses a threat to government agencies. CVE-2023-26360 is an improper access control issue that could lead to arbitrary code execution. (Dark Reading, Talos, Security Boulevard) 

**Can’t get enough Talos? **

*   Network Infrastructure Is A Prime Target For Cyber Threats 
*   North Korean hackers using Log4J vulnerability in global campaign 
*   Video: Talos 2023 Year in Review highlights 
*   CCQ explores cybersecurity strategies for managing and responding to industrial incidents 
*   CW39 Houston: Protect Yourself from Cyber Attack 
*   Lazarus exploit Log4Shell vulnerability to deliver novel RAT malware 

**Upcoming events where you can find Talos **

**NIS2 Directive: Why Organizations Must Act Now to Ensure Compliance and Security** **(Jan. 11, 2024, 10 a.m. GMT)** 

Virtual 

> _The NIS2 Directive is a crucial step toward securing Europe’s critical infrastructure and essential services in an increasingly interconnected world. Organizations must act now to prepare for the new requirements, safeguard their operations, and maintain a robust cybersecurity posture. Gergana Karadzhova-Dangela from Cisco Talos Incident Response and other Cisco experts will talk about how organizations can best prepare for the coming regulations._  

**Most prevalent malware files from Talos telemetry over the past week **

**SHA 256:** 00ab15b194cc1fc8e48e849ca9717c0700ef7ce2265511276f7015d7037d8725   
**MD5:** d47fa115154927113b05bd3c8a308201    
**Typical Filename:** mssqlsrv.exe   
**Claimed Product:** N/A     
**Detection Name:** Trojan.GenericKD.65065311 

**SHA 256:** 5e537dee6d7478cba56ebbcc7a695cae2609010a897d766ff578a4260c2ac9cf   
**MD5:** 2cfc15cb15acc1ff2b2da65c790d7551   
**Typical Filename:** rcx4d83.tmp   
**Claimed Product:** N/A     
**Detection Name:** Win.Dropper.Pykspa::tpd  

**SHA 256:** 9f1f11a708d393e0a4109ae189bc64f1f3e312653dcf317a2bd406f18ffcc507    
**MD5:** 2915b3f8b703eb744fc54c81f4a9c67f    
**Typical Filename:** VID001.exe    
**Claimed Product:** N/A    
**Detection Name:** Win.Worm.Coinminer::1201 

**SHA 256:** 5a6b089b1d2dd66948f24ed2d9464ce61942c19e98922dd77d36427f6cded634   
**MD5:** 05436c22388ae10b4023b8b721729a33   
**Typical Filename:** BossMaster.txt   
**Claimed Product:** N/A   
**Detection Name:** PS1.malware.to.talos 

**SHA 256:** 975517668a3fe020f1dbb1caafde7180fd9216dcbf0ea147675ec287287f86aa   
**MD5:** 9403425a34e0c78a919681a09e5c16da   
**Typical Filename:** vincpsarzh.exe   
**Claimed Product:** N/A   
**Detection Name:** Win.Dropper.Scar::tpd

A personal Year in Review to round out 2023


Dell PowerProtect DD, versions prior to 7.13.0.10, LTS 7.7.5.25, LTS 7.10.1.15, 6.2.1.110 contain an OS command injection vulnerability in the CLI. A local low privileged attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS, with the privileges of the vulnerable application. Exploitation may lead to a system take over by an attacker. 



**Impact**

High

**Details**

Proprietary Code CVEs 

Description 

CVSS Base Score 

CVSS Vector String 

CVE-2023-44286 

Dell PowerProtect DD , versions prior to 7.13.0.10, LTS 7.7.5.25, LTS 7.10.1.15, 6.2.1.110 contain a DOM-based Cross-Site Scripting vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to the injection of malicious HTML or JavaScript code to a victim user's DOM environment in the browser. .  Exploitation may lead to information disclosure, session theft, or client-side request forgery. 

8.8 

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVE-2023-48668 

Dell PowerProtect DD, versions prior to 7.13.0.10, LTS 7.7.5.25, LTS 7.10.1.15, 6.2.1.110 on DDMC contain an OS command injection vulnerability in an admin operation. A local high privileged attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the managed system application's underlying OS with the privileges of the vulnerable application. Exploitation may lead to a system take over by an attacker on a managed system of DDMC. 

8.2 

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

CVE-2023-44285  

Dell PowerProtect DD, versions prior to 7.13.0.10, LTS 7.7.5.25, LTS 7.10.1.15, 6.2.1.110 contain an improper access control vulnerability. A local malicious user with low privileges could potentially exploit this vulnerability leading to escalation of privilege. 

7.8 

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVE-2023-44277  

Dell PowerProtect DD, versions prior to 7.13.0.10, LTS 7.7.5.25, LTS 7.10.1.15, 6.2.1.110 contain an OS command injection vulnerability in the CLI. A local low privileged attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS, with the privileges of the vulnerable application. Exploitation may lead to a system take over by an attacker. 

7.8 

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVE-2023-48667 

Dell PowerProtect DD, versions prior to 7.13.0.10, LTS 7.7.5.25, LTS 7.10.1.15, 6.2.1.110 contain an OS command injection vulnerability in administrator CLI. A remote high privileged attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS to bypass security restriction. Exploitation may lead to a system take over by an attacker. 

7.2 

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CVE-2023-44279  

Dell PowerProtect DD , versions prior to 7.13.0.10,  LTS 7.7.5.25, LTS 7.10.1.15, 6.2.1.110 contain an OS command injection vulnerability in administrator CLI. A local high privileged attacker could potentially exploit this vulnerability, to bypass security restrictions. Exploitation may lead to a system take over by an attacker. 

6.7 

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CVE-2023-44278 

Dell PowerProtect DD , versions prior to 7.13.0.10, LTS 7.7.5.25, LTS 7.10.1.15, 6.2.1.110  contain a path traversal vulnerability. A local high privileged attacker could potentially exploit this vulnerability, to gain unauthorized read and write access to the OS files stored on the server filesystem, with the privileges of the running application. 

6.7 

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CVE-2023-44284 

Dell PowerProtect DD , versions prior to 7.13.0.10, LTS 7.7.5.25, LTS 7.10.1.15, 6.2.1.110 contain an SQL Injection vulnerability. A remote low privileged attacker could potentially exploit this vulnerability, leading to the execution of certain SQL commands on the application's backend database causing unauthorized read access to application data. 

 4.3 

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Proprietary Code CVEs 

Description 

CVSS Base Score 

CVSS Vector String 

CVE-2023-44286 

Dell PowerProtect DD , versions prior to 7.13.0.10, LTS 7.7.5.25, LTS 7.10.1.15, 6.2.1.110 contain a DOM-based Cross-Site Scripting vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to the injection of malicious HTML or JavaScript code to a victim user's DOM environment in the browser. .  Exploitation may lead to information disclosure, session theft, or client-side request forgery. 

8.8 

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVE-2023-48668 

Dell PowerProtect DD, versions prior to 7.13.0.10, LTS 7.7.5.25, LTS 7.10.1.15, 6.2.1.110 on DDMC contain an OS command injection vulnerability in an admin operation. A local high privileged attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the managed system application's underlying OS with the privileges of the vulnerable application. Exploitation may lead to a system take over by an attacker on a managed system of DDMC. 

8.2 

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

CVE-2023-44285  

Dell PowerProtect DD, versions prior to 7.13.0.10, LTS 7.7.5.25, LTS 7.10.1.15, 6.2.1.110 contain an improper access control vulnerability. A local malicious user with low privileges could potentially exploit this vulnerability leading to escalation of privilege. 

7.8 

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVE-2023-44277  

Dell PowerProtect DD, versions prior to 7.13.0.10, LTS 7.7.5.25, LTS 7.10.1.15, 6.2.1.110 contain an OS command injection vulnerability in the CLI. A local low privileged attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS, with the privileges of the vulnerable application. Exploitation may lead to a system take over by an attacker. 

7.8 

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVE-2023-48667 

Dell PowerProtect DD, versions prior to 7.13.0.10, LTS 7.7.5.25, LTS 7.10.1.15, 6.2.1.110 contain an OS command injection vulnerability in administrator CLI. A remote high privileged attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS to bypass security restriction. Exploitation may lead to a system take over by an attacker. 

7.2 

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CVE-2023-44279  

Dell PowerProtect DD , versions prior to 7.13.0.10,  LTS 7.7.5.25, LTS 7.10.1.15, 6.2.1.110 contain an OS command injection vulnerability in administrator CLI. A local high privileged attacker could potentially exploit this vulnerability, to bypass security restrictions. Exploitation may lead to a system take over by an attacker. 

6.7 

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CVE-2023-44278 

Dell PowerProtect DD , versions prior to 7.13.0.10, LTS 7.7.5.25, LTS 7.10.1.15, 6.2.1.110  contain a path traversal vulnerability. A local high privileged attacker could potentially exploit this vulnerability, to gain unauthorized read and write access to the OS files stored on the server filesystem, with the privileges of the running application. 

6.7 

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CVE-2023-44284 

Dell PowerProtect DD , versions prior to 7.13.0.10, LTS 7.7.5.25, LTS 7.10.1.15, 6.2.1.110 contain an SQL Injection vulnerability. A remote low privileged attacker could potentially exploit this vulnerability, leading to the execution of certain SQL commands on the application's backend database causing unauthorized read access to application data. 

 4.3 

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Dell Technologies recommends all customers consider both the CVSS base score and any relevant temporal and environmental scores that may impact the potential severity associated with a particular security vulnerability.

**Affected Products and Remediation**

CVEs Addressed                    

Product 

Affected Versions 

Remediated Versions 

Link 

CVE-2023-44286,  CVE-2023-44285, CVE-2023-44277, CVE-2023-48667, CVE-2023-44279, CVE-2023-44278, CVE-2023-44284 

Dell PowerProtect DD series appliances 

Dell PowerProtect DD Virtual Edition 

Dell APEX Protection Storage 

7.0 to 7.12.0.0 

7.13.0.10 and above   
or   
7.10.1.15 and above to stay on LTS2023 7.10   
or    
7.7.5.25 and above to stay on LTS2022 7.7 

For more details about DD OS software versions available for download, see the links below (requires log in to Dell Support to view articles):   
 

*   https://www.dell.com/support/kbdoc/ 000081247
    
*   https://www.dell.com/support/kbdoc/ 000014125525902 
    

6.2.1.100 and below 

6.2.1.110 and above 

CVE-2023-44286, CVE-2023-48668, CVE-2023-44285, CVE-2023-44277, CVE-2023-48667, CVE-2023-44279, CVE-2023-44278 

Dell PowerProtect DD management Center 

7.0 to 7.12.0.0 

7.13.0.10 and above    
or    
7.10.1.15 and above to stay on LTS2023 7.10    
or     
7.7.5.25 and above to stay on LTS2022 7.7 

6.2.1.100 and below   

6.2.1.110 and above   

CVE-2023-44286, CVE-2023-44285, CVE-2023-44277, CVE-2023-48667, CVE-2023-44279, CVE-2023-44278, CVE-2023-44284   
 

PowerProtect DP Series Appliance (IDPA): All Models 

2.7.4 and below 

2.7.6 and above 

Expected Availability: December 21, 2023   

 CVE-2023-44284 

PowerProtect Data Manager Appliance model: DM5500  

5.14 and below 

5.15.0.0 and above 

To download (requires log in to Dell Support): https://dl.dell.com/downloads/HY8KV\_PowerProtect-Data-Manager-DM5500-Appliance-5.15.0.0-Upgrade-file.pkg 

CVE-2023-44286, CVE-2023-44285, CVE-2023-44277, CVE-2023-48667, CVE-2023-44279, CVE-2023-44278, CVE-2023-44284 

Dell PowerProtect DD series appliances and Dell PowerProtect DD Virtual Edition leveraged in the Disk Library for Mainframe (DLm) environment 

7.0 to 7.12.0.0 

7.13.0.10 and above   
or   
7.10.1.15 and above to stay on LTS2023 7.10   
or    
7.7.5.25 and above to stay on LTS2022 7.7    
 

Contact customer support to schedule the code update. 

For more details about DDOS versions available for download, see the links below (requires log in to Dell Support to view articles): 

*   https://www.dell.com/support/kbdoc/000081247 
    
*   https://www.dell.com/support/kbdoc/000014125
    

6.2.1.100 and below 

6.2.1.110 and above  

CVEs Addressed                    

Product 

Affected Versions 

Remediated Versions 

Link 

CVE-2023-44286,  CVE-2023-44285, CVE-2023-44277, CVE-2023-48667, CVE-2023-44279, CVE-2023-44278, CVE-2023-44284 

Dell PowerProtect DD series appliances 

Dell PowerProtect DD Virtual Edition 

Dell APEX Protection Storage 

7.0 to 7.12.0.0 

7.13.0.10 and above   
or   
7.10.1.15 and above to stay on LTS2023 7.10   
or    
7.7.5.25 and above to stay on LTS2022 7.7 

For more details about DD OS software versions available for download, see the links below (requires log in to Dell Support to view articles):   
 

*   https://www.dell.com/support/kbdoc/ 000081247
    
*   https://www.dell.com/support/kbdoc/ 000014125525902 
    

6.2.1.100 and below 

6.2.1.110 and above 

CVE-2023-44286, CVE-2023-48668, CVE-2023-44285, CVE-2023-44277, CVE-2023-48667, CVE-2023-44279, CVE-2023-44278 

Dell PowerProtect DD management Center 

7.0 to 7.12.0.0 

7.13.0.10 and above    
or    
7.10.1.15 and above to stay on LTS2023 7.10    
or     
7.7.5.25 and above to stay on LTS2022 7.7 

6.2.1.100 and below   

6.2.1.110 and above   

CVE-2023-44286, CVE-2023-44285, CVE-2023-44277, CVE-2023-48667, CVE-2023-44279, CVE-2023-44278, CVE-2023-44284   
 

PowerProtect DP Series Appliance (IDPA): All Models 

2.7.4 and below 

2.7.6 and above 

Expected Availability: December 21, 2023   

 CVE-2023-44284 

PowerProtect Data Manager Appliance model: DM5500  

5.14 and below 

5.15.0.0 and above 

To download (requires log in to Dell Support): https://dl.dell.com/downloads/HY8KV\_PowerProtect-Data-Manager-DM5500-Appliance-5.15.0.0-Upgrade-file.pkg 

CVE-2023-44286, CVE-2023-44285, CVE-2023-44277, CVE-2023-48667, CVE-2023-44279, CVE-2023-44278, CVE-2023-44284 

Dell PowerProtect DD series appliances and Dell PowerProtect DD Virtual Edition leveraged in the Disk Library for Mainframe (DLm) environment 

7.0 to 7.12.0.0 

7.13.0.10 and above   
or   
7.10.1.15 and above to stay on LTS2023 7.10   
or    
7.7.5.25 and above to stay on LTS2022 7.7    
 

Contact customer support to schedule the code update. 

For more details about DDOS versions available for download, see the links below (requires log in to Dell Support to view articles): 

*   https://www.dell.com/support/kbdoc/000081247 
    
*   https://www.dell.com/support/kbdoc/000014125
    

6.2.1.100 and below 

6.2.1.110 and above  

Additional, related information is available at this Knowledgebase article KB000220263: Additional Information Regarding DSA-2023-412: Dell PowerProtect DD Vulnerabilities.  

Expected availability dates are subject to change.

**Acknowledgements**

CVE-2023-44279: Dell Technologies would like to thank Rushank Shetty and Ryan Kane (Security Researchers at Northwestern Mutual) for reporting this issue. 

CVE-2023-44277, CVE-2023-44284, CVE-2023-44286: Dell Technologies would like to thank Jakub Brzozowski (redfr0g), Franciszek Kalinowski, and Stanisław Koza from STM Cyber for reporting these issues. 

CVE-2023-44285: Dell Technologies would like to thank Jens Krüger from SAP for reporting this issue. 

**Revision History**

Revision 

Date 

Description 

1.0 

2023-12-13

Initial Release 

2.0

2023-12-13 

Updated for enhancement no change to content

3.0

2023-12-13 

• Updated "Affected Product" section under "Article Properties"  
• Added Additional details stating "The downloads will be made available shortly"

4.0

2023-12-13

Added Additional Acknowledgement in "Acknowledgements" section

5.0

2023-12-13

• Corrected link in the "Affected Products and Remediation" Table   
• Removed Additional Details statement "The downloads will be made available shortly"   
• Updated "Affected Product section under "Article Properties"

6.0

2023-12-13

Updated "Affected Product section under "Article Properties"

**Related Information**

Dell Security Advisories and Notices  
Dell Vulnerability Response Policy  
CVSS Scoring Guide

Data Backup & Protection Storage, Data Domain, PowerProtect Data Protection Appliance, PowerProtect Data Manager Appliance, DD3300 Appliance, Data Domain Deduplication Storage Systems, DD OS 6.2, DD OS, DD OS 6.0, DD OS 6.1, DD OS 7.0, DD OS 7.1 , DD OS 7.10, DD OS 7.11, DD OS 7.12, DD OS 7.2, DD OS 7.3, DD OS 7.4, DD OS 7.5, DD OS 7.6, DD OS 7.7, DD OS 7.8, DD OS 7.9, Data Domain Virtual Edition, DD2200 Appliance, DD6300 Appliance, DD6400 Appliance, DD6800 Appliance, DD6900 Appliance, DD9300 Appliance, DD9400 Appliance, DD9800 Appliance, DD9900 Appliance, Disk Library for mainframe, PowerProtect Data Domain Management Center, Integrated Data Protection Appliance Software, PowerProtect DM5500 ...

CVE-2023-44277: DSA-2023-412: Dell Technologies PowerProtect Security Update for Multiple Security Vulnerabilities

Semcms v4.8 was discovered to contain a SQL injection vulnerability via the AID parameter at SEMCMS_Function.php.

*   *   Actions
        
        Automate any workflow
        
    *   Packages
        
        Host and manage packages
        
    *   Security
        
        Find and fix vulnerabilities
        
    *   Codespaces
        
        Instant dev environments
        
    *   Copilot
        
        Write better code with AI
        
    *   Code review
        
        Manage code changes
        
    *   Issues
        
        Plan and track work
        
    *   Discussions
        
        Collaborate outside of code
        
    

*   *   GitHub Sponsors
        
        Fund open source developers
        
    
    *   The ReadME Project
        
        GitHub community articles
        
    
*   Pricing

**Search code, repositories, users, issues, pull requests...**

**Provide feedback**

**Saved searches****Use saved searches to filter your results more quickly**

Sign up

CVE-2023-50563: Cms_Vuls_test/Semcms/Semcms_Sql_Inject.md at main · SecBridge/Cms_Vuls_test

EmpireCMS v7.5 was discovered to contain a SQL injection vulnerability via the ftppassword parameter at SetEnews.php.

**Brief of this vulnerability**  
EmpireCMS v7.5 has an SQL injection vulnerability when configuring FTP passwords

**Test Environment**  
Windows10  
PHP 5.4.45+Apache/2.4.39

**Affect version**  
EmpireCMS 7.5

**Vulnerable Code**  
e\\admin\\SetEnews.php line 353

  

**Vulnerability display**  
First enter the background

Click to add and capture the packet  

Modify parameters  
payload：ftppassword=test'+and+(updatexml(1,concat(0x3a,(database())),1))+and'  

Successfully obtained the database name

CVE-2023-50073: EmpireCMS v7.5 SetEnews.php has sql injection vulnerability · Issue #7 · leadscloud/EmpireCMS

Red Hat Security Advisory 2023-7790-03 - An update for the postgresql:10 module is now available for Red Hat Enterprise Linux 8. Issues addressed include an integer overflow vulnerability.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_7790.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: postgresql:10 security updateAdvisory ID:        RHSA-2023:7790-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2023:7790Issue date:         2023-12-13Revision:           03CVE Names:          CVE-2023-5869====================================================================Summary: An update for the postgresql:10 module is now available for Red Hat Enterprise Linux 8.Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:PostgreSQL is an advanced object-relational database management system (DBMS).Security Fix(es):* postgresql: Buffer overrun from integer overflow in array modification (CVE-2023-5869)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2023-5869References:https://access.redhat.com/security/updates/classification/#importanthttps://bugzilla.redhat.com/show_bug.cgi?id=2247169

Red Hat Security Advisory 2023-7790-03

Red Hat Security Advisory 2023-7789-03 - An update for the postgresql:10 module is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Issues addressed include an integer overflow vulnerability.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_7789.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: postgresql:10 security updateAdvisory ID:        RHSA-2023:7789-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2023:7789Issue date:         2023-12-13Revision:           03CVE Names:          CVE-2023-5869====================================================================Summary: An update for the postgresql:10 module is now available for Red Hat Enterprise Linux 8.6 Extended Update Support.Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:PostgreSQL is an advanced object-relational database management system (DBMS).Security Fix(es):* postgresql: Buffer overrun from integer overflow in array modification (CVE-2023-5869)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2023-5869References:https://access.redhat.com/security/updates/classification/#importanthttps://bugzilla.redhat.com/show_bug.cgi?id=2247169

Red Hat Security Advisory 2023-7789-03

Red Hat Security Advisory 2023-7788-03 - An update for the postgresql:10 module is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions. Issues addressed include an integer overflow vulnerability.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_7788.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: postgresql:10 security updateAdvisory ID:        RHSA-2023:7788-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2023:7788Issue date:         2023-12-13Revision:           03CVE Names:          CVE-2023-5869====================================================================Summary: An update for the postgresql:10 module is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions.Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:PostgreSQL is an advanced object-relational database management system (DBMS).Security Fix(es):* postgresql: Buffer overrun from integer overflow in array modification (CVE-2023-5869)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2023-5869References:https://access.redhat.com/security/updates/classification/#importanthttps://bugzilla.redhat.com/show_bug.cgi?id=2247169

Red Hat Security Advisory 2023-7788-03

Red Hat Security Advisory 2023-7786-03 - An update for the postgresql:10 module is now available for Red Hat Enterprise Linux 8.8 Extended Update Support. Issues addressed include an integer overflow vulnerability.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_7786.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: postgresql:10 security updateAdvisory ID:        RHSA-2023:7786-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2023:7786Issue date:         2023-12-13Revision:           03CVE Names:          CVE-2023-5869====================================================================Summary: An update for the postgresql:10 module is now available for Red Hat Enterprise Linux 8.8 Extended Update Support.Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:PostgreSQL is an advanced object-relational database management system (DBMS).Security Fix(es):* postgresql: Buffer overrun from integer overflow in array modification (CVE-2023-5869)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2023-5869References:https://access.redhat.com/security/updates/classification/#importanthttps://bugzilla.redhat.com/show_bug.cgi?id=2247169

Red Hat Security Advisory 2023-7786-03

Red Hat Security Advisory 2023-7785-03 - An update for the postgresql:15 module is now available for Red Hat Enterprise Linux 9. Issues addressed include integer overflow and remote SQL injection vulnerabilities.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_7785.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Important: postgresql:15 security update  
Advisory ID:        RHSA-2023:7785-03  
Product:            Red Hat Enterprise Linux  
Advisory URL:       https://access.redhat.com/errata/RHSA-2023:7785  
Issue date:         2023-12-13  
Revision:           03  
CVE Names:          CVE-2023-5868  
====================================================================

Summary: 

An update for the postgresql:15 module is now available for Red Hat Enterprise Linux 9.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

PostgreSQL is an advanced object-relational database management system (DBMS).

Security Fix(es):

* postgresql: Buffer overrun from integer overflow in array modification (CVE-2023-5869)

* postgresql: Memory disclosure in aggregate function calls (CVE-2023-5868)

* postgresql: extension script @substitutions@ within quoting allow SQL injection (CVE-2023-39417)

* postgresql: Role pg_signal_backend can signal certain superuser processes. (CVE-2023-5870)

* postgresql: MERGE fails to enforce UPDATE or SELECT row security policies (CVE-2023-39418)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution:

https://access.redhat.com/articles/11258

CVEs:

CVE-2023-5868

References:

https://access.redhat.com/security/updates/classification/#important  
https://bugzilla.redhat.com/show_bug.cgi?id=2228111  
https://bugzilla.redhat.com/show_bug.cgi?id=2228112  
https://bugzilla.redhat.com/show_bug.cgi?id=2247168  
https://bugzilla.redhat.com/show_bug.cgi?id=2247169  
https://bugzilla.redhat.com/show_bug.cgi?id=2247170

Tag

#sql