SEC595: Applied Data Science and AI/Machine Learning for Cybersecurity Professionals
SEC595Cyber Defense
SANS Community Benefits
Connect, learn, and share with other cybersecurity professionals
VOLUME 23ISSUE 33
The Consensus Security Vulnerability Alert
Untitled
INTERNET STORM CENTER SPOTLIGHT
ISC provides a free analysis and warning service to thousands of Internet users and organizations, and is actively working with Internet Service Providers to fight back against the most malicious attackers. https://isc.sans.edu/about.html
More Exotic Excel Files Dropping AgentTesla
Published: 2023-08-23
Last Updated: 2023-08-23 07:22:57 UTC
by Xavier Mertens (Version: 1)
Excel is an excellent target for attackers. The Microsoft Office suite is installed on millions of computers, and people trust these files. If we have the classic xls, xls, xlsm file extensions, Excel supports many others! Just check your local registry.
Attackers like to use more “exotic” extensions to increase chances of evading simple and stupid rules at mail gateways. This time, the extension used was “.xlam”. I spotted several emails (probably from the same campaign) that delivered .xlam files to potential victims.
An XLAM file is a macro-enabled add-in used to add new features to Excel. The icon looks like Excel and should make the user confident to open it...
Read the full entry:
https://isc.sans.edu/diary/More+Exotic+Excel+Files+Dropping+AgentTesla/30150/
SystemBC Malware Activity
Published: 2023-08-20
Last Updated: 2023-08-20 21:34:41 UTC
by Guy Bruneau (Version: 1)
This month, my DShield sensor captured for the first time this request: /systembc/password.php. I checked back for the past 6 months and only have noticed this request this 5 times this month from 4 different sources. According to some references, this is likely the SystemBC Remote Access Trojan (RAT), all 4 IPs are part of the Digital Ocean ASN and only one has been reported as likely malicious. Several samples have been reported to Any.run this month.
To verified if there was some kind of change, I reviewed DShield logs submission for the past year and noticed nothing really significant until the beginning of Jan 2023 looking for this directory. However, starting on the 3rd of Aug 2023, there a significant change in the daily report for this directory going from an average of 30 submission to 445 and overing in the hundred since then.
Read the full entry:
https://isc.sans.edu/diary/SystemBC+Malware+Activity/30138/
From a Zalando Phishing to a RAT
Published: 2023-08-18
Last Updated: 2023-08-18 06:11:34 UTC
by Xavier Mertens (Version: 1)
Phishing remains a lucrative threat. We get daily emails from well-known brands (like DHL, PayPal, Netflix, Microsoft, Dropbox, Apple, etc). Recently, I received a bunch of phishing emails targeting Zalando customers. Zalando is a German retailer of shoes, fashion across Europe. It was the first time that I saw them used in a phishing campaign.
Read the full entry:
https://isc.sans.edu/diary/From+a+Zalando+Phishing+to+a+RAT/30136/
Internet Storm Center Entries
Have You Ever Heard of the Fernet Encryption Algorithm? (2023.08.22)
https://isc.sans.edu/diary/Have+You+Ever+Heard+of+the+Fernet+Encryption+Algorithm/30146/
Quick Malware Triage With Inotify Tools (2023.08.21)
https://isc.sans.edu/diary/Quick+Malware+Triage+With+Inotify+Tools/30142/
Command Line Parsing - Are These Really Unique Strings? (2023.08.17)
https://isc.sans.edu/diary/Command+Line+Parsing+Are+These+Really+Unique+Strings/30126/
Recent CVEs
The list is assembled by pulling recent vulnerabilities from NIST NVD, Microsoft, Twitter mentions of vulnerabilities, ISC Diaries and Podcast, and the CISA list of known exploited vulnerabilities. There are also some unscored, but significant, vulnerabilities at the end. This includes vulnerabilities that have not been added to the NVD yet.
CVE-2023-38035 - Ivanti MobileIron Sentry versions 9.18.0 and below are vulnerable to an authentication bypass due to an insufficiently restrictive Apache HTTPD configuration in MICS Admin Portal.
CVE-2023-38035 - API-Authentication-Bypass-on-Sentry-Administrator-Interface
CVE-2023-38035-API-Authentication-Bypass-on-Sentry-Administrator-Interface">https://forums.ivanti.com/s/article/CVE-2023-38035-API-Authentication-Bypass-on-Sentry-Administrator-Interface
CVE-2023-35082 - Ivanti EPMM 11.10 and older allow unauthorized users to access restricted functionality or resources without authentication.
CVE-2023-35082 - Remote-Unauthenticated-API-Access-Vulnerability-in-MobileIron-Core-11-2-and-older?language=en_US
CVE-2023-35082-Remote-Unauthenticated-API-Access-Vulnerability-in-MobileIron-Core-11-2-and-older?language=en_US">https://forums.ivanti.com/s/article/CVE-2023-35082-Remote-Unauthenticated-API-Access-Vulnerability-in-MobileIron-Core-11-2-and-older?language=en_US
CVE-2023-21709 - Microsoft Exchange Server Elevation of Privilege Vulnerability
CVE-2023-38860 - An issue in LangChain v.0.0.231 allows a remote attacker to execute arbitrary code via the prompt parameter.
CVE-2023-38896 - Harrison Chase langchain v.0.0.194 and earlier versions allow remote attackers to execute arbitrary code through from_math_prompt and from_colored_object_prompt functions.
CVE-2023-39659 - Langchain-ai v.0.0.232 and before allows remote code execution through a crafted script in PythonAstREPLTool._run component.
CVE-2023-38915 - File Upload vulnerability in Wolf-leo EasyAdmin8 v.1.0 allows a remote attacker to execute arbtirary code via the upload type function.
CVE-2023-39661 - An issue in pandas-ai v.0.9.1 and before allows a remote attacker to execute arbitrary code via the _is_jailbreak function.
CVE-2023-39662 - llama_index v.0.7.13 and earlier versions allow remote attackers to execute arbitrary code via the `exec` parameter in the PandasQueryEngine function.
CVE-2023-38861 - Wavlink WL_WNJ575A3 v.R75A3_V1410_220513 is vulnerable to remote code execution through the username parameter of the adm.cgi set_sys_adm function.
CVE-2023-38862 - COMFAST CF-XR11 v.2.7.2 is vulnerable to arbitrary code execution via the destination parameter of sub_431F64 function in bin/webmgnt.
CVE-2023-38863 - COMFAST CF-XR11 v.2.7.2 is vulnerable to arbitrary code execution through the ifname and mac parameters in the sub_410074 function at bin/webmgnt.
CVE-2023-38865 - COMFAST CF-XR11 V2.7.2 is vulnerable to command injection at function sub_4143F0, enabling attackers to inject commands into parameter timestr via POST request messages to /usr/bin/webmgnt.
CVE-2023-38864 - COMFAST CF-XR11 v.2.7.2 allows arbitrary code execution due to a vulnerability in the protal_delete_picname parameter in the sub_41171C function at bin/webmgnt.
CVE-2023-38866 - COMFAST CF-XR11 V2.7.2 is vulnerable to command injection at function sub_415588, allowing attackers to execute arbitrary commands by exploiting the parameter interface and display_name in POST request messages sent to /usr/bin/webmgnt.
CVE-2023-4323 - Broadcom RAID Controller web interface is vulnerable to improper session management of active sessions on Gateway setup
CVE-2023-4324 - Broadcom RAID Controller web interface is vulnerable due to insecure defaults of lacking HTTP Content-Security-Policy headers
CVE-2023-4325 - Broadcom RAID Controller web interface is vulnerable due to usage of Libcurl with LSA has known vulnerabilities
CVE-2023-4329 - The Broadcom RAID Controller web interface lacks proper HTTP configuration, rendering it vulnerable by not securing the SESSIONID cookie with the SameSite attribute.
CVE-2023-4336 - The Broadcom RAID Controller web interface is vulnerable to cookie hijacking due to an insecure default of HTTP configuration.
CVE-2023-4337 - Broadcom RAID Controller web interface is vulnerable to improper session handling of managed servers on Gateway installation
CVE-2023-4338 - Broadcom RAID Controller web interface is vulnerable due to insecure default of HTTP configuration that does not provide X-Content-Type-Options Headers
CVE-2023-4340 - Broadcom RAID Controller is vulnerable to Privilege escalation by taking advantage of the Session prints in the log file
CVE-2023-4341 - Broadcom RAID Controller is vulnerable to Privilege escalation to root due to creation of insecure folders by Web GUI
CVE-2023-4342 - Broadcom RAID Controller web interface is vulnerable due to insecure defaults of lacking HTTP strict-transport-security policy
CVE-2023-4344 - Broadcom RAID Controller web interface is vulnerable to insufficient randomness due to improper use of ssl.rnd to setup CIM connection
CVE-2023-39852 - Doctormms v1.0 was discovered to contain a SQL injection vulnerability via the $userid parameter at myAppoinment.php.
Product: Doctor Appointment System Project CVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-39852NVD References: - https://github.com/KLSEHB/vulnerability-report/blob/main/Doctormms_CVE-2023-39852- https://www.sourcecodester.com/php/14182/doctor-appointment-system.htmlCVE-2023-39850 - Schoolmate v1.3 was discovered to contain multiple SQL injection vulnerabilities via the $courseid and $teacherid parameters at DeleteFunctions.php.Product: Schoolmate Project CVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-39850NVD References: - https://github.com/KLSEHB/vulnerability-report/blob/main/Schoolmate_CVE-2023-39850- https://sourceforge.net/projects/schoolmateCVE-2023-39851 - webchess v1.0 was discovered to contain a SQL injection vulnerability via the $playerID parameter at mainmenu.php.Product: Webchess Project CVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-39851NVD References: - https://github.com/KLSEHB/vulnerability-report/blob/main/webchess_CVE-2023-39851- https://sourceforge.net/projects/webchessCVE-2020-26037 - Even Balance Punkbuster version 1.902 before 1.905 allows remote attackers to execute arbitrary code through a directory traversal vulnerability in the server functionality.Product: Even Balance PunkbusterCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2020-26037NVD References: - http://even.com- http://punkbuster.com- https://medium.com/@prizmant/hacking-punkbuster-e22e6cf2f36eCVE-2023-32493 - Dell PowerScale OneFS, 9.5.0.x, has a protection mechanism bypass vulnerability that could allow an unprivileged, remote attacker to cause denial of service, disclose information, and remotely execute code.Product: Dell PowerScale OneFSCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-32493NVD References: https://www.dell.com/support/kbdoc/en-us/000216717/dsa-2023-269-security-update-for-dell-powerscale-onefs-for-multiple-security-vulnerabilitiesCVE-2023-33663 - PrestaShop's ai-dev module "Customization fields fee for your store" (aicustomfee) is vulnerable to SQL injection up to 0.2.0, but the issue has been addressed in release 0.2.1. Product: Ai-Dev AicustomfeeCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-33663NVD References: - https://security.friendsofpresta.org/modules/2023/08/16/aicustomfee.html- https://www.boutique.ai-dev.fr/en/customization/62-customization-fee.htmlCVE-2023-39115 - install/aiz-uploader/upload in Campcodes Online Matrimonial Website System Script 3.3 allows XSS via a crafted SVG document.Product: Campcodes Complete Online Matrimonial Website System ScriptCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-39115NVD References: - http://packetstormsecurity.com/files/173950/Campcodes-Online-Matrimonial-Website-System-3.3-Cross-Site-Scripting.html- https://github.com/Raj789-sec/CVE-2023-39115- https://www.campcodes.com/projects/php/online-matrimonial-website-system-script-in-php/- https://www.exploit-db.com/exploits/51656CVE-2023-39846 - An issue in Konga v0.14.9 allows attackers to bypass authentication via a crafted JWT token.Product: Pantsel KongaCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-39846NVD References: https://abyssaler.github.io/post/konga%20Unauthorized%20accessCVE-2023-33238 - TN-4900 and TN-5900 Series firmware versions v1.2.4 and prior and v3.3 and prior are susceptible to command injection due to insufficient input validation in the certificate management function, enabling remote code execution by malicious actors.Product: MOXA TN-5900CVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-33238NVD References: https://www.moxa.com/en/support/product-support/security-advisory/mpsa-230402-tn-5900-and-tn-4900-series-web-server-multiple-vulnerabilitiesCVE-2023-33239 - The TN-4900 and TN-5900 series firmware versions v1.2.4 and prior and v3.3 and prior respectively are vulnerable to a command injection vulnerability due to insufficient input validation in the key-generation function, allowing remote code execution on affected devices.Product: MOXA TN-5900CVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-33239NVD References: https://www.moxa.com/en/support/product-support/security-advisory/mpsa-230402-tn-5900-and-tn-4900-series-web-server-multiple-vulnerabilitiesCVE-2023-34213 - The TN-5900 Series firmware versions v3.3 and prior suffer from a command-injection vulnerability, enabling remote code execution due to inadequate input validation and improper authentication in the key-generation function.Product: MOXA TN-5900CVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-34213NVD References: https://www.moxa.com/en/support/product-support/security-advisory/mpsa-230402-tn-5900-and-tn-4900-series-web-server-multiple-vulnerabilitiesCVE-2023-34214 - The TN-4900 and TN-5900 Series firmware versions v1.2.4 and prior and v3.3 and prior are vulnerable to command-injection, enabling remote code execution through insufficient input validation in the certi…
CVE-2023-39850 - Schoolmate v1.3 was discovered to contain multiple SQL injection vulnerabilities via the $courseid and $teacherid parameters at DeleteFunctions.php.
Product: Schoolmate Project CVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-39850NVD References: - https://github.com/KLSEHB/vulnerability-report/blob/main/Schoolmate_CVE-2023-39850- https://sourceforge.net/projects/schoolmateCVE-2023-39851 - webchess v1.0 was discovered to contain a SQL injection vulnerability via the $playerID parameter at mainmenu.php.Product: Webchess Project CVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-39851NVD References: - https://github.com/KLSEHB/vulnerability-report/blob/main/webchess_CVE-2023-39851- https://sourceforge.net/projects/webchessCVE-2020-26037 - Even Balance Punkbuster version 1.902 before 1.905 allows remote attackers to execute arbitrary code through a directory traversal vulnerability in the server functionality.Product: Even Balance PunkbusterCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2020-26037NVD References: - http://even.com- http://punkbuster.com- https://medium.com/@prizmant/hacking-punkbuster-e22e6cf2f36eCVE-2023-32493 - Dell PowerScale OneFS, 9.5.0.x, has a protection mechanism bypass vulnerability that could allow an unprivileged, remote attacker to cause denial of service, disclose information, and remotely execute code.Product: Dell PowerScale OneFSCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-32493NVD References: https://www.dell.com/support/kbdoc/en-us/000216717/dsa-2023-269-security-update-for-dell-powerscale-onefs-for-multiple-security-vulnerabilitiesCVE-2023-33663 - PrestaShop's ai-dev module "Customization fields fee for your store" (aicustomfee) is vulnerable to SQL injection up to 0.2.0, but the issue has been addressed in release 0.2.1. Product: Ai-Dev AicustomfeeCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-33663NVD References: - https://security.friendsofpresta.org/modules/2023/08/16/aicustomfee.html- https://www.boutique.ai-dev.fr/en/customization/62-customization-fee.htmlCVE-2023-39115 - install/aiz-uploader/upload in Campcodes Online Matrimonial Website System Script 3.3 allows XSS via a crafted SVG document.Product: Campcodes Complete Online Matrimonial Website System ScriptCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-39115NVD References: - http://packetstormsecurity.com/files/173950/Campcodes-Online-Matrimonial-Website-System-3.3-Cross-Site-Scripting.html- https://github.com/Raj789-sec/CVE-2023-39115- https://www.campcodes.com/projects/php/online-matrimonial-website-system-script-in-php/- https://www.exploit-db.com/exploits/51656CVE-2023-39846 - An issue in Konga v0.14.9 allows attackers to bypass authentication via a crafted JWT token.Product: Pantsel KongaCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-39846NVD References: https://abyssaler.github.io/post/konga%20Unauthorized%20accessCVE-2023-33238 - TN-4900 and TN-5900 Series firmware versions v1.2.4 and prior and v3.3 and prior are susceptible to command injection due to insufficient input validation in the certificate management function, enabling remote code execution by malicious actors.Product: MOXA TN-5900CVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-33238NVD References: https://www.moxa.com/en/support/product-support/security-advisory/mpsa-230402-tn-5900-and-tn-4900-series-web-server-multiple-vulnerabilitiesCVE-2023-33239 - The TN-4900 and TN-5900 series firmware versions v1.2.4 and prior and v3.3 and prior respectively are vulnerable to a command injection vulnerability due to insufficient input validation in the key-generation function, allowing remote code execution on affected devices.Product: MOXA TN-5900CVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-33239NVD References: https://www.moxa.com/en/support/product-support/security-advisory/mpsa-230402-tn-5900-and-tn-4900-series-web-server-multiple-vulnerabilitiesCVE-2023-34213 - The TN-5900 Series firmware versions v3.3 and prior suffer from a command-injection vulnerability, enabling remote code execution due to inadequate input validation and improper authentication in the key-generation function.Product: MOXA TN-5900CVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-34213NVD References: https://www.moxa.com/en/support/product-support/security-advisory/mpsa-230402-tn-5900-and-tn-4900-series-web-server-multiple-vulnerabilitiesCVE-2023-34214 - The TN-4900 and TN-5900 Series firmware versions v1.2.4 and prior and v3.3 and prior are vulnerable to command-injection, enabling remote code execution through insufficient input validation in the certificate-generation function.Product: MOXA TN-5900CVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-34214NVD References: https://www.moxa.com/en/support/product-support/security-advisory/mpsa-230402-tn-5900-and-tn-4900-series-web-server-multiple-vulnerabilitiesCVE-2023-2917 - The Rockwell Automation Thinmanager Thinserver is impacted by an improper input validation vulnerability allowing unauthenticated remote attackers to upload arb…
CVE-2023-39851 - webchess v1.0 was discovered to contain a SQL injection vulnerability via the $playerID parameter at mainmenu.php.
Product: Webchess Project CVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-39851NVD References: - https://github.com/KLSEHB/vulnerability-report/blob/main/webchess_CVE-2023-39851- https://sourceforge.net/projects/webchessCVE-2020-26037 - Even Balance Punkbuster version 1.902 before 1.905 allows remote attackers to execute arbitrary code through a directory traversal vulnerability in the server functionality.Product: Even Balance PunkbusterCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2020-26037NVD References: - http://even.com- http://punkbuster.com- https://medium.com/@prizmant/hacking-punkbuster-e22e6cf2f36eCVE-2023-32493 - Dell PowerScale OneFS, 9.5.0.x, has a protection mechanism bypass vulnerability that could allow an unprivileged, remote attacker to cause denial of service, disclose information, and remotely execute code.Product: Dell PowerScale OneFSCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-32493NVD References: https://www.dell.com/support/kbdoc/en-us/000216717/dsa-2023-269-security-update-for-dell-powerscale-onefs-for-multiple-security-vulnerabilitiesCVE-2023-33663 - PrestaShop's ai-dev module "Customization fields fee for your store" (aicustomfee) is vulnerable to SQL injection up to 0.2.0, but the issue has been addressed in release 0.2.1. Product: Ai-Dev AicustomfeeCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-33663NVD References: - https://security.friendsofpresta.org/modules/2023/08/16/aicustomfee.html- https://www.boutique.ai-dev.fr/en/customization/62-customization-fee.htmlCVE-2023-39115 - install/aiz-uploader/upload in Campcodes Online Matrimonial Website System Script 3.3 allows XSS via a crafted SVG document.Product: Campcodes Complete Online Matrimonial Website System ScriptCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-39115NVD References: - http://packetstormsecurity.com/files/173950/Campcodes-Online-Matrimonial-Website-System-3.3-Cross-Site-Scripting.html- https://github.com/Raj789-sec/CVE-2023-39115- https://www.campcodes.com/projects/php/online-matrimonial-website-system-script-in-php/- https://www.exploit-db.com/exploits/51656CVE-2023-39846 - An issue in Konga v0.14.9 allows attackers to bypass authentication via a crafted JWT token.Product: Pantsel KongaCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-39846NVD References: https://abyssaler.github.io/post/konga%20Unauthorized%20accessCVE-2023-33238 - TN-4900 and TN-5900 Series firmware versions v1.2.4 and prior and v3.3 and prior are susceptible to command injection due to insufficient input validation in the certificate management function, enabling remote code execution by malicious actors.Product: MOXA TN-5900CVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-33238NVD References: https://www.moxa.com/en/support/product-support/security-advisory/mpsa-230402-tn-5900-and-tn-4900-series-web-server-multiple-vulnerabilitiesCVE-2023-33239 - The TN-4900 and TN-5900 series firmware versions v1.2.4 and prior and v3.3 and prior respectively are vulnerable to a command injection vulnerability due to insufficient input validation in the key-generation function, allowing remote code execution on affected devices.Product: MOXA TN-5900CVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-33239NVD References: https://www.moxa.com/en/support/product-support/security-advisory/mpsa-230402-tn-5900-and-tn-4900-series-web-server-multiple-vulnerabilitiesCVE-2023-34213 - The TN-5900 Series firmware versions v3.3 and prior suffer from a command-injection vulnerability, enabling remote code execution due to inadequate input validation and improper authentication in the key-generation function.Product: MOXA TN-5900CVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-34213NVD References: https://www.moxa.com/en/support/product-support/security-advisory/mpsa-230402-tn-5900-and-tn-4900-series-web-server-multiple-vulnerabilitiesCVE-2023-34214 - The TN-4900 and TN-5900 Series firmware versions v1.2.4 and prior and v3.3 and prior are vulnerable to command-injection, enabling remote code execution through insufficient input validation in the certificate-generation function.Product: MOXA TN-5900CVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-34214NVD References: https://www.moxa.com/en/support/product-support/security-advisory/mpsa-230402-tn-5900-and-tn-4900-series-web-server-multiple-vulnerabilitiesCVE-2023-2917 - The Rockwell Automation Thinmanager Thinserver is impacted by an improper input validation vulnerability allowing unauthenticated remote attackers to upload arbitrary files and potentially achieve remote code execution.Product: Rockwell Automation ThinmanagerCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-2917NVD References: https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1140471CVE-2023-37914 - XWiki Platform allows unauthorized users to execute arbitrary script macros, leading to remote co…
CVE-2020-26037 - Even Balance Punkbuster version 1.902 before 1.905 allows remote attackers to execute arbitrary code through a directory traversal vulnerability in the server functionality.
CVE-2023-32493 - Dell PowerScale OneFS, 9.5.0.x, has a protection mechanism bypass vulnerability that could allow an unprivileged, remote attacker to cause denial of service, disclose information, and remotely execute code.
CVE-2023-33663 - PrestaShop's ai-dev module "Customization fields fee for your store" (aicustomfee) is vulnerable to SQL injection up to 0.2.0, but the issue has been addressed in release 0.2.1.
CVE-2023-39115 - install/aiz-uploader/upload in Campcodes Online Matrimonial Website System Script 3.3 allows XSS via a crafted SVG document.
Product: Campcodes Complete Online Matrimonial Website System ScriptCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-39115NVD References: - http://packetstormsecurity.com/files/173950/Campcodes-Online-Matrimonial-Website-System-3.3-Cross-Site-Scripting.html- https://github.com/Raj789-sec/CVE-2023-39115- https://www.campcodes.com/projects/php/online-matrimonial-website-system-script-in-php/- https://www.exploit-db.com/exploits/51656CVE-2023-39846 - An issue in Konga v0.14.9 allows attackers to bypass authentication via a crafted JWT token.Product: Pantsel KongaCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-39846NVD References: https://abyssaler.github.io/post/konga%20Unauthorized%20accessCVE-2023-33238 - TN-4900 and TN-5900 Series firmware versions v1.2.4 and prior and v3.3 and prior are susceptible to command injection due to insufficient input validation in the certificate management function, enabling remote code execution by malicious actors.Product: MOXA TN-5900CVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-33238NVD References: https://www.moxa.com/en/support/product-support/security-advisory/mpsa-230402-tn-5900-and-tn-4900-series-web-server-multiple-vulnerabilitiesCVE-2023-33239 - The TN-4900 and TN-5900 series firmware versions v1.2.4 and prior and v3.3 and prior respectively are vulnerable to a command injection vulnerability due to insufficient input validation in the key-generation function, allowing remote code execution on affected devices.Product: MOXA TN-5900CVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-33239NVD References: https://www.moxa.com/en/support/product-support/security-advisory/mpsa-230402-tn-5900-and-tn-4900-series-web-server-multiple-vulnerabilitiesCVE-2023-34213 - The TN-5900 Series firmware versions v3.3 and prior suffer from a command-injection vulnerability, enabling remote code execution due to inadequate input validation and improper authentication in the key-generation function.Product: MOXA TN-5900CVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-34213NVD References: https://www.moxa.com/en/support/product-support/security-advisory/mpsa-230402-tn-5900-and-tn-4900-series-web-server-multiple-vulnerabilitiesCVE-2023-34214 - The TN-4900 and TN-5900 Series firmware versions v1.2.4 and prior and v3.3 and prior are vulnerable to command-injection, enabling remote code execution through insufficient input validation in the certificate-generation function.Product: MOXA TN-5900CVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-34214NVD References: https://www.moxa.com/en/support/product-support/security-advisory/mpsa-230402-tn-5900-and-tn-4900-series-web-server-multiple-vulnerabilitiesCVE-2023-2917 - The Rockwell Automation Thinmanager Thinserver is impacted by an improper input validation vulnerability allowing unauthenticated remote attackers to upload arbitrary files and potentially achieve remote code execution.Product: Rockwell Automation ThinmanagerCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-2917NVD References: https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1140471CVE-2023-37914 - XWiki Platform allows unauthorized users to execute arbitrary script macros, leading to remote code execution and unrestricted read and write access to all wiki contents.Product: XWiki PlatformCVSS Score: 9.9NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-37914NVD References: - https://github.com/xwiki/xwiki-platform/commit/ff1d8a1790c6ee534c6a4478360a06efeb2d3591- https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-7954-6m9q-gpvf- https://jira.xwiki.org/browse/XWIKI-20421CVE-2023-40171 - Dispatch, an open source security incident management tool, is vulnerable to an authentication bypass exploit that allows any account to be taken over within the user's own instance by using the JWT Secret Key included in the server response error message.Product: Dispatch PluginCVSS Score: 9.1NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-40171NVD References: - https://github.com/Netflix/dispatch/commit/b1942a4319f0de820d86b84a58ebc85398b97c70- https://github.com/Netflix/dispatch/pull/3695- https://github.com/Netflix/dispatch/releases/tag/latest- https://github.com/Netflix/dispatch/security/advisories/GHSA-fv3x-67q3-6pg7CVE-2023-25914 - Due to improper restriction, attackers could retrieve and read system files of the underlying server through the XML interface.Product: DANFOSS AK-SM800ACVSS Score: 9.9NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-25914NVD References: - https://csirt.divd.nl/CVE-2023-25914- https://csirt.divd.nl/DIVD-2023-00025CVE-2023-25915 - Due to improper input validation, a remote attacker could execute arbitrary commands on the target system.Product: DANFOSS AK-SM800A CVSS Score: 9.9NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-25915NVD References: - https://csirt.divd.nl/CVE-2023-25915- https://csirt.divd.nl/DIVD-2023-00025CVE-2023-4404 - The Donation Forms by…
CVE-2023-39846 - An issue in Konga v0.14.9 allows attackers to bypass authentication via a crafted JWT token.
CVE-2023-33238 - TN-4900 and TN-5900 Series firmware versions v1.2.4 and prior and v3.3 and prior are susceptible to command injection due to insufficient input validation in the certificate management function, enabling remote code execution by malicious actors.
CVE-2023-33239 - The TN-4900 and TN-5900 series firmware versions v1.2.4 and prior and v3.3 and prior respectively are vulnerable to a command injection vulnerability due to insufficient input validation in the key-generation function, allowing remote code execution on affected devices.
CVE-2023-34213 - The TN-5900 Series firmware versions v3.3 and prior suffer from a command-injection vulnerability, enabling remote code execution due to inadequate input validation and improper authentication in the key-generation function.
CVE-2023-34214 - The TN-4900 and TN-5900 Series firmware versions v1.2.4 and prior and v3.3 and prior are vulnerable to command-injection, enabling remote code execution through insufficient input validation in the certificate-generation function.
CVE-2023-2917 - The Rockwell Automation Thinmanager Thinserver is impacted by an improper input validation vulnerability allowing unauthenticated remote attackers to upload arbitrary files and potentially achieve remote code execution.
CVE-2023-37914 - XWiki Platform allows unauthorized users to execute arbitrary script macros, leading to remote code execution and unrestricted read and write access to all wiki contents.
CVE-2023-40171 - Dispatch, an open source security incident management tool, is vulnerable to an authentication bypass exploit that allows any account to be taken over within the user's own instance by using the JWT Secret Key included in the server response error message.
CVE-2023-25914 - Due to improper restriction, attackers could retrieve and read system files of the underlying server through the XML interface.
CVE-2023-25915 - Due to improper input validation, a remote attacker could execute arbitrary commands on the target system.
CVE-2023-4404 - The Donation Forms by Charitable plugin for WordPress up to version 1.7.0.12 allows unauthenticated attackers to escalate privileges and specify their own user role during registration.
CVE-2023-36787 - Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability
CVE-2023-36898 - Tablet Windows User Interface Application Core Remote Code Execution Vulnerability
CVE-2023-32315 - Openfire XMPP server's administrative console is vulnerable to a path traversal attack, allowing unauthenticated users to access restricted pages reserved for administrators.
Sponsors
Snyk
*********** Sponsored By SNYK Limited ***********Software supply chain security has been in the headlines a lot lately. Check out insights from industry experts in the newly released Tackling Software Supply Chain in 2023 white paper, where you'll learn everything about software supply chain security and also get some pointers on how to stay ahead. |
Oligo Security
Tune in for our upcoming webcast, Navigating the App Sec Alert Overload: Strategies for Effective Application Security Monitoring on Tuesday, August 29 at 10:30am ET - Our speakers will share insights, strategies, and best practices for taming the alert overload while ensuring a strong security posture. | Register Now:
Stairwell
In our upcoming webcast, Forensic Assessment & Variant Discovery In Minutes on Tue, August 29 at 1:00pm ET - Attendees will learn how to complete a current environmental assessment in minutes and determine if they have or have ever been impacted by a threat. | Register Now:
SANS
The results are in! Tune in on Thu, August 31 at 11:00am ET as survey authors Ben Allen and Chris Edmundson dive into the key findings of this year's DevSecOps Survey and take a deeper look at the evolution of organizations' architecture, practices, techniques, and personnel. | Register Now: