Internet Storm Center Spotlight

ISC provides a free analysis and warning service to thousands of Internet users and organizations, and is actively working with Internet Service Providers to fight back against the most malicious attackers. https://isc.sans.edu/about.html

Analysis of RAR Exploit Files (CVE-2023-38831)

Published: 2023-08-28

Last Updated: 2023-08-28 07:44:29 UTC

by Didier Stevens (Version: 1)

My tool zipdump.py can be used to analyse the latest exploits of vulnerability CVE-2023-38831 in WinRAR.

The vulnerability is exploited with specially crafted ZIP files.

Here is the output of zipdump analyzing a PoC file I created...

What you want to look for is:

1. a folder whose name ends with a space character (" /")

2. a file with the same name as the folder (also ending with a space character)

3. a file inside folder 1, whose name starts with filename 2 and has an extra extension, like .bat

When this ZIP file is opened with a vulnerable version of WinRAR and file 2 is double-clicked, file 3 is extracted and executed...
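As an added example (not code from the diary, and not part of zipdump.py), the following Python script applies the three checks above to the entry names of a ZIP archive and reports any folder/decoy/payload triple it finds. It generalises the PoC layout slightly: the folder is also recognised when it is only implied by an entry path, because many archivers omit explicit directory entries. The sample archives are constructed in memory so the script runs offline; the entry names, the inert payload text, the list of extensions treated as executable and all helper names are the example's own assumptions.

```python
import io
import posixpath
import zipfile

# Added example, not code from the ISC diary or from zipdump.py.
# Extensions that run as a program when the extracted file is opened; this
# list is an assumption used only to grade findings, every match is reported.
EXEC_EXTS = {".bat", ".cmd", ".exe", ".com", ".scr", ".vbs", ".js", ".ps1", ".lnk"}


def find_38831_patterns(names):
    """Apply the diary's three checks to archive entry names.

    Returns a list of (folder, decoy, payload, ext) tuples, one per match:
      folder  - directory whose name ends with a space        ("poc.pdf /")
      decoy   - file next to it with the identical name        ("poc.pdf ")
      payload - direct child of the folder whose name starts with the decoy's
                name and carries an extra extension            ("poc.pdf /poc.pdf .bat")
    Folders are derived from every entry path, so the layout is still found
    when the archive carries no explicit directory entry.
    """
    names = set(names)
    folders = set()
    for name in names:
        parts = name.split("/")
        for i in range(1, len(parts)):            # every parent dir, explicit or implied
            folders.add("/".join(parts[:i]) + "/")

    findings = []
    for folder in sorted(f for f in folders if f.endswith(" /")):   # check 1
        decoy = folder[:-1]                        # same path without the slash
        if decoy not in names:                     # check 2
            continue
        decoy_base = posixpath.basename(decoy)     # basename, so nested folders work
        for entry in sorted(names):                # check 3
            if not entry.startswith(folder) or entry == folder:
                continue
            inner = entry[len(folder):]
            if "/" in inner:                       # only direct children of the folder
                continue
            if not inner.startswith(decoy_base) or inner == decoy_base:
                continue
            ext = posixpath.splitext(inner)[1].lower()
            findings.append((folder, decoy, entry, ext))
    return findings


def scan_zip_bytes(data):
    """Run the check over the central directory of an in-memory ZIP."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return find_38831_patterns(zf.namelist())


def build_sample_zip(decoy="poc.pdf", ext=".bat"):
    """Constructed test input with the three-entry layout. The 'payload' is an
    inert text marker, not a script; only the entry names matter here."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(decoy + " /", b"")                              # 1. folder "poc.pdf /"
        zf.writestr(decoy + " ", b"%PDF-1.4 constructed decoy")     # 2. file   "poc.pdf "
        zf.writestr(decoy + " /" + decoy + " " + ext,                # 3. file   "poc.pdf /poc.pdf .bat"
                    b"REM constructed marker, deliberately inert")
    return buf.getvalue()


def build_benign_zip():
    """Constructed negative case: ordinary names, plus a folder that ends with a
    space but has no matching decoy file, which must not be reported."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("report.pdf", b"%PDF-1.4 constructed")
        zf.writestr("images/logo.png", b"\x89PNG constructed")
        zf.writestr("notes /todo.txt", b"trailing space, but no decoy file")
    return buf.getvalue()


def report(data, label):
    """Print the findings for one archive and return how many there were."""
    hits = scan_zip_bytes(data)
    for folder, decoy, payload, ext in hits:
        grade = "HIGH" if ext in EXEC_EXTS else "review"
        print(f"[{grade}] {label}: {decoy!r} is shadowed by folder {folder!r}; "
              f"double-clicking it would run {payload!r}")
    if not hits:
        print(f"[ok] {label}: no CVE-2023-38831 layout found")
    return len(hits)


if __name__ == "__main__":
    report(build_sample_zip(), "sample.zip")
    report(build_benign_zip(), "benign.zip")
```

The check works purely on names from the central directory, so it can run on mail gateways or in a sandbox without extracting anything; a match on a folder ending in a space that shadows a same-named file is unusual enough in legitimate archives that it is worth quarantining for review even when the inner file's extension is not in the executable list.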

Read the full entry:

https://isc.sans.edu/diary/Analysis+of+RAR+Exploit+Files+CVE202338831/30164/

Python Malware Using Postgresql for C2 Communications

Published: 2023-08-25

Last Updated: 2023-08-25 08:54:25 UTC

by Xavier Mertens (Version: 1)

For modern malware, having access to its C2 (Command and control) is a crucial point. There are many ways to connect to a C2 server using tons of protocols, but today, HTTP remains very common because HTTP is allowed on most networks...

I found a malicious Python script that is pretty well obfuscated. The applied technique reduces its VT score to 6/60! It's based on a mix of Base64- and Hex-encoded data...

Read the full entry:

https://isc.sans.edu/diary/Python+Malware+Using+Postgresql+for+C2+Communications/30158/

Survival time for web sites

Published: 2023-08-29

Last Updated: 2023-08-29 08:35:20 UTC

by Bojan Zdrnja (Version: 1)

Many, many years ago we (SANS Internet Storm Center) published some interesting research about survival time of new machines connected to the Internet. Back then, when Windows XP was the most popular operating system, it was enough to connect your new machine to the Internet and get compromised before you managed to download and install patches. Microsoft changed this with Windows XP SP2, which introduced the host-based firewall that was (finally) enabled by default, so a new user had a better chance of surviving the Internet.

We still collect and publish some information about survival time, and you can see that at https://isc.sans.edu/survivaltime.html.

Now, 20 years later, most of us do not have our workstations and laptops connected directly to the Internet; however, new web sites get installed and put on the Internet every second. I recently had to put several web sites up and was surprised at how fast certain scans happened, so I decided to do some tests on the survival time of new web sites.

Read the full entry:

https://isc.sans.edu/diary/Survival+time+for+web+sites/30170/

Internet Storm Center Entries


Home Office / Small Business Hurricane Prep (2023.08.28)

https://isc.sans.edu/diary/Home+Office+Small+Business+Hurricane+Prep/30166/

macOS: Who's Behind This Network Connection? (2023.08.26)

https://isc.sans.edu/diary/macOS+Whos+Behind+This+Network+Connection/30160/

How I made a qwerty "keyboard walk" password generator with ChatGPT [Guest Diary] (2023.08.23)

https://isc.sans.edu/diary/How+I+made+a+qwerty+keyboard+walk+password+generator+with+ChatGPT+Guest+Diary/30152/

Recent CVEs


The list is assembled by pulling recent vulnerabilities from NIST NVD, Microsoft, Twitter mentions of vulnerabilities, ISC Diaries and Podcast, and the CISA list of known exploited vulnerabilities. There are also some unscored, but significant, vulnerabilities at the end. This includes vulnerabilities that have not been added to the NVD yet.



CVE-2023-38831 - WinRAR before 6.23 allows remote code execution via a ZIP archive containing a benign file and a folder with the same name, leading to the execution of potentially malicious content.

Product: Rarlab WinRAR

CVSS Score: 7.8

** KEV since 2023-08-24 **

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-38831

ISC Diary: https://isc.sans.edu/diary/30164

ISC Podcast: https://isc.sans.edu/podcastdetail.html?podcastid=8630

NVD References: 

- https://news.ycombinator.com/item?id=37236100

- https://www.bleepingcomputer.com/news/security/winrar-zero-day-exploited-since-april-to-hack-trading-accounts/

- https://www.group-ib.com/blog/cve-2023-38831-winrar-zero-day/




CVE-2023-38035 - Ivanti MobileIron Sentry versions 9.18.0 and below are vulnerable to an authentication bypass due to an insufficiently restrictive Apache HTTPD configuration in MICS Admin Portal.

Product: Ivanti MobileIron Sentry

CVSS Score: 0

** KEV since 2023-08-22 **

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-38035

ISC Podcast: https://isc.sans.edu/podcastdetail.html?podcastid=8626




CVE-2020-19909 - Integer overflow vulnerability in tool_operate.c in curl 7.65.2 via crafted value as the retry delay.

Product: Haxx Curl

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2020-19909

ISC Podcast: https://isc.sans.edu/podcastdetail.html?podcastid=8634

NVD References: 

- https://daniel.haxx.se/blog/2023/08/26/cve-2020-19909-is-everything-that-is-wrong-with-cves/

- https://github.com/curl/curl/pull/4166




CVE-2023-32315 - Openfire XMPP server's administrative console is vulnerable to a path traversal attack, allowing unauthenticated users to access restricted pages reserved for administrators.

Product: Openfire

CVSS Score: 0

** KEV since 2023-08-24 **

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-32315

ISC Podcast: https://isc.sans.edu/podcastdetail.html?podcastid=8628




CVE-2023-36844 - Juniper Networks Junos OS on EX Series is vulnerable to an unauthenticated attacker modifying certain PHP environment variables, potentially leading to integrity loss and enabling exploitation of other vulnerabilities.

Product: Juniper Networks

CVSS Score: 0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-36844

ISC Podcast: https://isc.sans.edu/podcastdetail.html?podcastid=8636




CVE-2020-22217 - Buffer overflow vulnerability in c-ares before 1_16_1 through 1_17_0 via function ares_parse_soa_reply in ares_parse_soa_reply.c.

Product: C-Ares 

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2020-22217

NVD References: https://github.com/c-ares/c-ares/issues/333




CVE-2020-22219 - FLAC before 1.4.0 allows remote attackers to run arbitrary code via a buffer overflow vulnerability in function bitwriter_grow_ in the encoder.

Product: FLAC Project 

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2020-22219

NVD References: https://github.com/xiph/flac/issues/215




CVE-2020-35357 - GSL (GNU Scientific Library), versions 2.5 and 2.6, allow arbitrary code execution through a buffer overflow when calculating the quantile value using gsl_stats_quantile_from_sorted_data.

Product: GNU Scientific Library

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2020-35357

NVD References: 

- https://git.savannah.gnu.org/cgit/gsl.git/commit/?id=989a193268b963aa1047814f7f1402084fb7d859

- https://savannah.gnu.org/bugs/?59624




CVE-2021-29390 - libjpeg-turbo version 2.0.90 is vulnerable to a heap-buffer-overflow vulnerability in decompress_smooth_data in jdcoefct.c.

Product: Libjpeg-Turbo 

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2021-29390

NVD References: 

- https://bugzilla.redhat.com/show_bug.cgi?id=1943797

- https://github.com/libjpeg-turbo/libjpeg-turbo/blob/4e52b66f342a803d3b8099b79607e3158d3a241c/jdcoefct.c#L595

- https://github.com/libjpeg-turbo/libjpeg-turbo/commits/main/jdcoefct.c




CVE-2021-32292 - Json-c through 0.15-20200726 is vulnerable to a stack-buffer-overflow in parseit function (json_parse.c), enabling an attacker to execute arbitrary code.

Product: Json-C Project 

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2021-32292

NVD References: https://github.com/json-c/json-c/issues/654




CVE-2021-33388 - dpic 2021.04.10 has a Heap Buffer Overflow in themakevar() function in dpic.y

Product: dpic Project 

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2021-33388

NVD References: https://gitlab.com/aplevich/dpic/-/issues/8




CVE-2021-33390 - dpic 2021.04.10 has a use-after-free in thedeletestringbox() function in dpic.y. A different vulnerability than CVE-2021-32421.

Product: dpic Project 

CVSS Score: 9.8 

NVD: https://nvd.nist.gov/vuln/detail/CVE-2021-33390

NVD References: https://gitlab.com/aplevich/dpic/-/issues/10




CVE-2022-36648 - QEMU's of_dpa_cmd_add_l2_flood hardware emulation vulnerability in the rocker device model allows remote attackers to crash the host and potentially execute code by running a malformed program in the guest OS.

Product: QEMU

CVSS Score: 10.0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2022-36648

NVD References: https://lists.nongnu.org/archive/html/qemu-devel/2022-06/msg04469.html




CVE-2022-47022 - Open-MPI hwloc 2.1.0 allows denial of service or other unknown impacts due to vulnerabilities in topology-linux.c.

Product: Open-MPI hwloc

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2022-47022

NVD References: https://github.com/open-mpi/hwloc/issues/544




CVE-2022-48174 - Busybox before 1.35 allows stack overflow in ash.c:6030, enabling arbitrary code execution in the Internet of Vehicles environment.

Product: Busybox 

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2022-48174

NVD References: https://bugs.busybox.net/show_bug.cgi?id=15216




CVE-2022-48522 - Perl 5.34.0 has a stack-based crash vulnerability in function S_find_uninit_var, enabling remote code execution or local privilege escalation.

Product: Perl 

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2022-48522

NVD References: https://github.com/Perl/perl5/blob/79a7b254d85a10b65126ad99bf10e70480569d68/sv.c#L16336-L16345




CVE-2023-24517 - Pandora FMS File Manager component in version v767 and earlier versions on all platforms allows unrestricted file upload, enabling an attacker to execute arbitrary system commands.

Product: Pandora FMS

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-24517

NVD References: https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/




CVE-2023-36281 - Langchain v.0.0.171 is vulnerable to remote code execution through a json file passed to the load_prompt parameter.

Product: Langchain 

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-36281

NVD References: 

- https://aisec.today/LangChain-2e6244a313dd46139c5ef28cbcab9e55

- https://github.com/hwchase17/langchain/issues/4394




CVE-2020-24113 - Yealink W60B version 77.83.0.85 allows directory traversal, leading to information disclosure and DoS.

Product: Yealink W60B

CVSS Score: 9.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2020-24113

NVD References: https://fuo.fi/CVE-2020-24113/




CVE-2023-38734 - IBM Robotic Process Automation 21.0.0 through 21.0.7.1 and 23.0.0 through 23.0.1 incorrectly assigns privileges when importing users from an LDAP directory.

Product: IBM Robotic Process Automation

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-38734

NVD References: 

- https://exchange.xforce.ibmcloud.com/vulnerabilities/262481

- https://www.ibm.com/support/pages/node/7028227




CVE-2023-4404 - The Donation Forms by Charitable plugin for WordPress up to version 1.7.0.12 allows unauthenticated attackers to escalate privileges and specify their own user role during registration.

Product: WP Charitable

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-4404

NVD References: 

- https://plugins.trac.wordpress.org/browser/charitable/tags/1.7.0.12/includes/users/class-charitable-user.php#L866

- https://www.wordfence.com/threat-intel/vulnerabilities/id/522ecc1c-5834-4325-9234-79cf712213f3?source=cve




CVE-2023-4041 - Silicon Labs Gecko Bootloader on ARM (Firmware Update File Parser modules) enables Code Injection and Authentication Bypass due to Buffer Copy without Size Check, Out-of-bounds Write, and Download without Integrity Check vulnerabilities, affecting both "Standalone" and "Application" versions.

Product: Silabs Gecko Bootloader

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-4041

NVD References: https://siliconlabs.lightning.force.com/sfc/servlet.shepherd/document/download/0698Y00000XT8GsQAL?operationContext=S1




CVE-2023-41028 - Juplink RX4-1500 WiFi router versions 1.0.2 through 1.0.5 allow authenticated attackers to execute arbitrary code as root via a stack-based buffer overflow.

Product: Juplink RX4-1500

CVSS Score: 9.0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-41028

NVD References: https://blog.exodusintel.com/2023/08/23/juplink-rx4-1500-stack-based-buffer-overflow-vulnerability/




CVE-2023-40572 - XWiki Platform is vulnerable to a CSRF attack that allows remote code execution and compromises the confidentiality, integrity, and availability of the entire installation.

Product: XWiki Platform

CVSS Score: 9.0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-40572

NVD References: 

- https://github.com/xwiki/xwiki-platform/commit/4b20528808d0c311290b0d9ab2cfc44063380ef7

- https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-4f8m-7h83-9f6m

- https://jira.xwiki.org/browse/XWIKI-20849




CVE-2023-40573 - XWiki Platform allows remote code execution through a vulnerability in its job scheduler, which has been patched in versions 14.10.9 and 15.4RC1.

Product: XWiki Platform

CVSS Score: 9.0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-40573

NVD References: 

- https://github.com/xwiki/xwiki-platform/commit/fcdcfed3fe2e8a3cad66ae0610795a2d58ab9662

- https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-8xhr-x3v8-rghj

- https://jira.xwiki.org/browse/XWIKI-20852




CVE-2023-40706 - SNAP PAC S1 Firmware version R10.3b allows for unlimited login attempts, making it vulnerable to brute-force attacks on the built-in web server login.

Product: Opto22 SNAP PAC S1

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-40706

NVD References: https://www.cisa.gov/news-events/ics-advisories/icsa-23-236-02




CVE-2023-39834 - PbootCMS below v3.2.0 was discovered to contain a command injection vulnerability via create_function.

Product: PbootCMS 

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-39834

NVD References: https://github.com/Pbootcms/Pbootcms/issues/8




CVE-2023-40891 - Tenda AC8 v4 US_AC8V4.0si_V16.03.34.06_cn was discovered to contain a stack overflow via parameter firewallEn at /goform/SetFirewallCfg.

Product: Tenda AC8v4

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-40891

NVD References: https://github.com/peris-navince/founded-0-days/blob/main/ac8/formSetFirewallCfg/1.md




CVE-2023-40892 - Tenda AC8 v4 US_AC8V4.0si_V16.03.34.06_cn was discovered to contain a stack overflow via parameter schedStartTime and schedEndTime at /goform/openSchedWifi.

Product: Tenda AC8v4

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-40892

NVD References: https://github.com/peris-navince/founded-0-days/blob/main/ac8/setSchedEWifi/1.md




CVE-2023-40893 - Tenda AC8 v4 US_AC8V4.0si_V16.03.34.06_cn was discovered to contain a stack overflow via parameter time at /goform/PowerSaveSet.

Product: Tenda AC8v4

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-40893

NVD References: https://github.com/peris-navince/founded-0-days/blob/main/ac8/setSmartPowerManagement/1.md




CVE-2023-40894 - Tenda AC8 v4 US_AC8V4.0si_V16.03.34.06_cn was discovered to contain a stack overflow via parameter list at /goform/SetStaticRouteCfg.

Product: Tenda AC8v4

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-40894

NVD References: https://github.com/peris-navince/founded-0-days/blob/main/ac8/fromSetStaticRouteCfg/1.md




CVE-2023-40895 - Tenda AC8 v4 US_AC8V4.0si_V16.03.34.06_cn was discovered to contain a stack overflow via parameter list at /goform/SetVirtualServerCfg.

Product: Tenda AC8v4

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-40895

NVD References: https://github.com/peris-navince/founded-0-days/blob/main/ac8/formSetVirtualSer/1.md




CVE-2023-40896 - Tenda AC8 v4 US_AC8V4.0si_V16.03.34.06_cn was discovered to contain a stack overflow via parameter list and bindnum at /goform/SetIpMacBind.

Product: Tenda AC8v4

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-40896

NVD References: https://github.com/peris-navince/founded-0-days/blob/main/ac8/SetIpMacBind/1.md




CVE-2023-40897 - Tenda AC8 v4 US_AC8V4.0si_V16.03.34.06_cn was discovered to contain a stack overflow via parameter mac at /goform/GetParentControlInfo.

Product: Tenda AC8v4

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-40897

NVD References: https://github.com/peris-navince/founded-0-days/blob/main/ac8/GetParentControlInfo/1.md




CVE-2023-40898 - Tenda AC8 v4 US_AC8V4.0si_V16.03.34.06_cn was discovered to contain a stack overflow via parameter timeZone at /goform/SetSysTimeCfg.

Product: Tenda AC8v4

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-40898

NVD References: https://github.com/peris-navince/founded-0-days/blob/main/ac8/SetSysTimeCfg/1.md




CVE-2023-40899 - Tenda AC8 v4 US_AC8V4.0si_V16.03.34.06_cn was discovered to contain a stack overflow via parameter macFilterType and parameter deviceList at /goform/setMacFilterCfg.

Product: Tenda AC8v4

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-40899

NVD References: https://github.com/peris-navince/founded-0-days/blob/main/ac8/formSetMacFilterCfg/1.md




CVE-2023-40900 - Tenda AC8 v4 US_AC8V4.0si_V16.03.34.06_cn was discovered to contain a stack overflow via parameter list at /goform/SetNetControlList.

Product: Tenda AC8v4

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-40900

NVD References: https://github.com/peris-navince/founded-0-days/blob/main/ac8/formSetQosBand/1.md




CVE-2023-40901 - Tenda AC10 v4 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via parameter macFilterType and parameter deviceList at url /goform/setMacFilterCfg.

Product: Tenda AC10v4

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-40901

NVD References: https://github.com/peris-navince/founded-0-days/blob/main/ac10/fromSetStaticRouteCfg/1.md




CVE-2023-40799 - Tenda AC23 Vv16.03.07.45_cn is vulnerable to Buffer Overflow via sub_450A4C function.

Product: Tenda Ac23

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-40799

NVD References: https://github.com/lst-oss/Vulnerability/blob/main/Tenda/AC23/sub_450A4C




CVE-2023-40846 - Tenda AC6 US_AC6V1.0BR_V15.03.05.16_multi_TD01.bin is vulnerable to Buffer Overflow via function sub_90998.

Product: Tenda AC6

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-40846

NVD References: https://github.com/XYIYM/Digging/blob/main/Tenda/AC6/bof/9/9.md




CVE-2023-4419 - LMS5xx is susceptible to unauthorized remote attackers with low skills to reconfigure settings or disrupt device functionality due to hard-coded credentials.

Product: SICK LMS5xx

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-4419

NVD References:

- https://sick.com/.well-known/csaf/white/2023/sca-2023-0007.json

- https://sick.com/.well-known/csaf/white/2023/sca-2023-0007.pdf

- https://sick.com/psirt




CVE-2023-4420 - The SICK LMS5xx is vulnerable to unauthorized disclosure of sensitive information due to lack of TLS, allowing a remote attacker to intercept and manipulate the communication.

Product: SICK LMS5xx

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-4420

NVD References: 

- https://sick.com/.well-known/csaf/white/2023/sca-2023-0007.json

- https://sick.com/.well-known/csaf/white/2023/sca-2023-0007.pdf

- https://sick.com/psirt




CVE-2023-32757 - e-Excellence U-Office Force file uploading function allows unauthenticated remote attackers to upload arbitrary files and execute arbitrary commands or disrupt service.

Product: Edetw U-Office Force

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-32757

NVD References: https://www.twcert.org.tw/tw/cp-132-7330-94442-1.html




CVE-2023-40571 - Weblogic-framework version 0.2.3 and prior may allow remote code execution due to a deserialization vulnerability in which the returned data packets are not verified.

Product: weblogic-framework

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-40571

NVD References: 

- https://github.com/dream0x01/weblogic-framework/releases/tag/v0.2.4

- https://github.com/dream0x01/weblogic-framework/security/advisories/GHSA-hjwj-4f3q-44h3




CVE-2023-4543 - IBOS OA 4.5.5 is susceptible to a critical remote SQL injection vulnerability through the manipulation of unknown code found in ?r=recruit/contact/export&contactids=x, and its exploit has been disclosed publicly (VDB-238048).

Product: IBOS 

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-4543

NVD References: 

- https://github.com/spcck/cve/blob/main/sql.md

- https://vuldb.com/?ctiid.238048

- https://vuldb.com/?id.238048




CVE-2023-4545 - IBOS OA 4.5.5 is susceptible to a critical SQL injection vulnerability in an unknown function of the file ?r=recruit/bgchecks/export&checkids=x, allowing for remote exploitation.

Product: IBOS

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-4545

NVD References: 

- https://github.com/siyu15/cve/blob/main/sql.md

- https://vuldb.com/?ctiid.238056

- https://vuldb.com/?id.238056




CVE-2023-4548 - SPA-Cart eCommerce CMS 1.9.0.3 is vulnerable to remote SQL injection via the filter[brandid] argument in the GET Parameter Handler component, allowing for critical attacks.

Product: SPA-Cart eCommerce CMS

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-4548

NVD References: 

- http://packetstormsecurity.com/files/174344/SPA-Cart-eCommerce-CMS-1.9.0.3-SQL-Injection.html

- https://vuldb.com/?ctiid.238059

- https://vuldb.com/?id.238059




CVE-2023-4556 - SourceCodester Online Graduate Tracer System 1.0 is affected by a critical vulnerability in the function mysqli_query of the file sexit.php, allowing remote attackers to launch an SQL injection attack by manipulating the argument id, potentially leading to unauthorized access to the system.

Product: Online Graduate Tracer System Project

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-4556

NVD References: 

- https://blog.csdn.net/weixin_43864034/article/details/132508000

- https://vuldb.com/?ctiid.238154

- https://vuldb.com/?id.238154




CVE-2023-4557 - SourceCodester Inventory Management System 1.0 is vulnerable to remote SQL injection via manipulation of the "customer" argument in the file app/ajax/search_purchase_paymen_report.php (VDB-238158).

Product: Inventory Management System Project 

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-4557

NVD References: 

- https://github.com/ZhangXiaoDan1/cve_hub/blob/main/Free%20and%20Open%20Source%20inventory%20management%20system%20-%20vuln%204.pdf

- https://vuldb.com/?ctiid.238158

- https://vuldb.com/?id.238158




CVE-2023-4558 - SourceCodester Inventory Management System 1.0 is vulnerable to remote SQL injection via the "staff_data.php" file, allowing attackers to manipulate the argument "columns[0][data]" and potentially execute malicious SQL queries.

Product: Inventory Management System Project 

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-4558

NVD References: 

- https://github.com/TheCyberDiver/Public-Disclosures-CVE-/blob/main/Inventory%20Management%20System%20SQLi%20staff_data.md

- https://vuldb.com/?ctiid.238159

- https://vuldb.com/?id.238159




CVE-2023-4559 - Bettershop LaikeTui allows for unrestricted upload via manipulation of a specific functionality in the component POST Request Handler's file index.php?module=api&action=user&m=upload, possibly enabling remote attackers to launch an attack.

Product: LaikeTui 

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-4559

NVD References: 

- https://vuldb.com/?ctiid.238160

- https://vuldb.com/?id.238160




CVE-2023-26270 - IBM Security Guardium Data Encryption (IBM Guardium Cloud Key Manager (GCKM) 1.10.3)) allows remote attackers to execute arbitrary code via an angular template injection flaw.

Product: IBM Guardium Cloud Key Manager

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-26270

NVD References: 

- https://exchange.xforce.ibmcloud.com/vulnerabilities/248119

- https://www.ibm.com/support/pages/node/6995161




CVE-2023-38024 - SpotCam Co., Ltd. SpotCam FHD 2 has a vulnerability allowing remote unauthenticated attackers to access the system and perform arbitrary operations or disrupt service via hard-coded Telnet credentials.

Product: MySpotCam FHD 2

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-38024

NVD References: https://www.twcert.org.tw/tw/cp-132-7331-9099e-1.html




CVE-2023-38025 - The SpotCam FHD 2 by SpotCam Co., Ltd. has a vulnerability of OS command injection, allowing remote unauthenticated attackers to execute arbitrary system commands or disrupt service.

Product: MySpotCam FHD 2

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-38025

NVD References: https://www.twcert.org.tw/tw/cp-132-7332-ee011-1.html




CVE-2023-38026 - SpotCam FHD 2 by SpotCam Co., Ltd. has a vulnerability that allows remote attackers to access the system using hard-coded uBoot credentials, potentially leading to unauthorized system operations or service disruption.

Product: MySpotCam FHD 2

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-38026

NVD References: https://www.twcert.org.tw/tw/cp-132-7333-972ca-1.html




CVE-2023-38027 - SpotCam Sense by SpotCam Co., Ltd. is susceptible to OS command injection, allowing remote unauthenticated attackers to execute arbitrary system commands or disrupt service.

Product: MySpotCam Sense

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-38027

NVD References: https://www.twcert.org.tw/tw/cp-132-7334-351fb-1.html




CVE-2023-38028 - Saho’s attendance devices ADM100 and ADM-100FP have insufficient authentication, allowing unauthenticated remote attackers to gain unauthorized access and read system information and user data without being able to control the system or disrupt services.

Product: Saho Adm-100

CVSS Score: 9.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-38028

NVD References: https://www.twcert.org.tw/tw/cp-132-7335-d300a-1.html




CVE-2023-38029 - ADM100 and ADM-100FP attendance devices by Saho have inadequate filtering and validation in their file uploading function, enabling unauthenticated remote attackers to execute arbitrary files and system commands, potentially disrupting service.

Product: Saho Adm-100

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-38029

NVD References: https://www.twcert.org.tw/tw/cp-132-7336-35a94-1.html




CVE-2023-40748 - PHPJabbers Food Delivery Script 3.0 has a SQL injection (SQLi) vulnerability in the "q" parameter of index.php.

Product: PHPjabbers Food Delivery Script

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-40748

NVD References: 

- https://medium.com/@mfortinsec/multiple-vulnerabilities-in-phpjabbers-part-3-40fc3565982f

- https://www.phpjabbers.com/food-delivery-script/




CVE-2023-40749 - PHPJabbers Food Delivery Script v3.0 is vulnerable to SQL Injection in the "column" parameter of index.php.

Product: PHPjabbers Food Delivery Script

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-40749

NVD References: 

- https://medium.com/@mfortinsec/multiple-vulnerabilities-in-phpjabbers-part-3-40fc3565982f

- https://www.phpjabbers.com/food-delivery-script/




CVE-2023-40756 - PHPJabbers Callback Widget v1.0 allows user enumeration during password recovery, enabling brute force attacks.

Product: PHPjabbers Callback Widget

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-40756

NVD References: 

- https://medium.com/@mfortinsec/multiple-vulnerabilities-in-phpjabbers-part-3-40fc3565982f

- https://www.phpjabbers.com/callback-widget/




CVE-2023-40757 - PHPJabbers Food Delivery Script v3.1 allows user enumeration, enabling a brute force attack by distinguishing valid and invalid users during password recovery.

Product: PHPjabbers Food Delivery Script

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-40757

NVD References: 

- https://medium.com/@mfortinsec/multiple-vulnerabilities-in-phpjabbers-part-3-40fc3565982f

- https://www.phpjabbers.com/food-delivery-script/




CVE-2023-40758 - PHPJabbers Document Creator v1.0 allows user enumeration during password recovery, enabling a brute force attack with valid users.

Product: PHPjabbers Document Creator

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-40758

NVD References: 

- https://medium.com/@mfortinsec/multiple-vulnerabilities-in-phpjabbers-part-3-40fc3565982f

- https://www.phpjabbers.com/document-creator/




CVE-2023-40759 - PHP Jabbers Restaurant Booking Script v3.0 allows user enumeration during password recovery, facilitating brute force attacks by revealing valid users.

Product: PHPjabbers Restaurant Booking Script

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-40759

NVD References: 

- https://medium.com/@mfortinsec/multiple-vulnerabilities-in-phpjabbers-part-3-40fc3565982f

- https://www.phpjabbers.com/restaurant-booking-system/




CVE-2023-40760 - PHP Jabbers Hotel Booking System v4.0 is vulnerable to user enumeration during password recovery, allowing for a brute force attack with valid user accounts.

Product: PHPjabbers Hotel Booking System

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-40760

NVD References: 

- https://medium.com/@mfortinsec/multiple-vulnerabilities-in-phpjabbers-part-3-40fc3565982f

- https://www.phpjabbers.com/hotel-booking-system/




CVE-2023-40761 - PHPJabbers Yacht Listing Script v2.0 allows user enumeration during password recovery, enabling a brute force attack.

Product: PHPjabbers Yacht Listing Script

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-40761

NVD References: 

- https://medium.com/@mfortinsec/multiple-vulnerabilities-in-phpjabbers-part-3-40fc3565982f

- https://www.phpjabbers.com/yacht-listing-script/




CVE-2023-40762 - PHPJabbers Fundraising Script v1.0 allows user enumeration during password recovery, enabling a brute force attack with valid users.

Product: PHPjabbers Fundraising Script

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-40762

NVD References: 

- https://medium.com/@mfortinsec/multiple-vulnerabilities-in-phpjabbers-part-3-40fc3565982f

- https://www.phpjabbers.com/fundraising-script/




CVE-2023-40763 - PHPJabbers Taxi Booking Script v2.0 allows user enumeration during password recovery, facilitating brute force attacks by disclosing user validity through different error messages.

Product: PHPjabbers Taxi Booking Script

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-40763

NVD References: 

- https://medium.com/@mfortinsec/multiple-vulnerabilities-in-phpjabbers-part-3-40fc3565982f

- https://www.phpjabbers.com/taxi-booking-script/




CVE-2023-40764 - PHP Jabbers Car Rental Script v3.0 allows user enumeration during password recovery, enabling an attacker to conduct successful brute force attacks.

Product: PHPjabbers Car Rental Script

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-40764

NVD References: 

- https://medium.com/@mfortinsec/multiple-vulnerabilities-in-phpjabbers-part-3-40fc3565982f

- https://www.phpjabbers.com/car-rental-script/




CVE-2023-40765 - PHPJabbers Event Booking Calendar v4.0 allows user enumeration during password recovery, enabling an attacker to easily identify valid users for a potential brute force attack.

Product: PHPjabbers Event Booking Calendar

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-40765

NVD References: 

- https://medium.com/@mfortinsec/multiple-vulnerabilities-in-phpjabbers-part-3-40fc3565982f

- https://www.phpjabbers.com/event-booking-calendar/




CVE-2023-40766 - PHPJabbers Ticket Support Script v3.2 allows user enumeration during password recovery, enabling brute force attacks through the difference in error messages.

Product: PHPjabbers Ticket Support Script

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-40766

NVD References: 

- https://medium.com/@mfortinsec/multiple-vulnerabilities-in-phpjabbers-part-3-40fc3565982f

- https://www.phpjabbers.com/ticket-support-script/




CVE-2023-40767 - PHPJabbers Make an Offer Widget v1.0 allows user enumeration during password recovery, enabling a brute force attack with valid users.

Product: PHPjabbers Make An Offer Widget

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-40767

NVD References: 

- https://medium.com/@mfortinsec/multiple-vulnerabilities-in-phpjabbers-part-3-40fc3565982f

- https://www.phpjabbers.com/make-an-offer-widget/




CVE-2023-39560 - ECTouch v2 was discovered to contain a SQL injection vulnerability via the $arr['id'] parameter at \default\helpers\insert.php.

Product: ECTouch 

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-39560

NVD References: https://github.com/Luci4n555/cve_ectouch




CVE-2023-41359 - FRRouting FRR through 9.0 allows an out-of-bounds read in bgp_attr_aigp_valid in bgpd/bgp_attr.c during AIGP validation due to a lack of byte availability check.

Product: FRRouting 

CVSS Score: 9.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-41359

NVD References: https://github.com/FRRouting/frr/pull/14232




CVE-2023-41360 - FRRouting FRR through 9.0 allows unauthorized access to the initial byte of the ORF header in bgpd/bgp_packet.c.

Product: FRRouting 

CVSS Score: 9.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-41360

NVD References: https://github.com/FRRouting/frr/pull/14245




CVE-2023-41361 - FRRouting FRR 9.0 allows for a potential remote code execution due to insufficient length validation in bgpd/bgp_open.c.

Product: FRRouting 

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-41361

NVD References: https://github.com/FRRouting/frr/pull/14241




CVE-2023-23770 - Motorola MBTS Site Controller accepts hard-coded backdoor password that cannot be changed or disabled.

Product: Motorola MBTS Site Controller

CVSS Score: 9.4

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-23770

NVD References: https://tetraburst.com/




CVE-2023-34039 - Aria Operations for Networks has an Authentication Bypass vulnerability allowing unauthorized access to its CLI.

Product: Aria Operations for Networks

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-34039

NVD References: https://www.vmware.com/security/advisories/VMSA-2023-0018.html




CVE-2023-41265 - Qlik Sense Enterprise for Windows versions May 2023 Patch 3 and earlier, February 2023 Patch 7 and earlier, November 2022 Patch 10 and earlier, and August 2022 Patch 12 and earlier are vulnerable to remote privilege escalation through tunneling HTTP requests in the raw HTTP request, allowing execution of backend server commands; this has been fixed in subsequent patches August 2023 IR, May 2023 Patch 4, February 2023 Patch 8, November 2022 Patch 11, and August 2022 Patch 13.

Product: Qlik Sense Enterprise for Windows

CVSS Score: 9.6

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-41265

NVD References: 

- https://community.qlik.com/t5/Official-Support-Articles/Critical-Security-fixes-for-Qlik-Sense-Enterprise-for-Windows/ta-p/2110801

- https://community.qlik.com/t5/Release-Notes/tkb-p/ReleaseNotes




CVE-2023-4596 - The Forminator plugin for WordPress allows unauthenticated attackers to upload arbitrary files on the affected site's server, potentially enabling remote code execution.

Product: Forminator for WordPress

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-4596

NVD References: 

- https://plugins.trac.wordpress.org/changeset/2954409/forminator/trunk/library/fields/postdata.php

- https://www.exploit-db.com/exploits/51664

- https://www.wordfence.com/threat-intel/vulnerabilities/id/9cd87da6-1f4c-4a15-8ebb-6e0f8ef72513?source=cve