SEC595: Applied Data Science and AI/Machine Learning for Cybersecurity Professionals
SEC595Cyber Defense, Artificial Intelligence
SANS Community Benefits
Connect, learn, and share with other cybersecurity professionals
VOLUME 23ISSUE 35
The Consensus Security Vulnerability Alert
Internet Storm Center Spotlight
ISC provides a free analysis and warning service to thousands of Internet users and organizations, and is actively working with Internet Service Providers to fight back against the most malicious attackers. https://isc.sans.edu/about.html
Potential Weaponizing of Honeypot Logs [Guest Diary]
Published: 2023-08-31
Last Updated: 2023-09-01 00:16:46 UTC
by Guy Bruneau (Version: 1)
[This is a Guest Diary by James Turner, an ISC intern as part of the SANS.edu BACS program]
Introduction
In today's rapidly evolving cybersecurity landscape, vigilance is the key. But what if the very tools designed to detect and analyze threats could be turned against us? In this exploration, we dive into the world of honeypots, their valuable logs, and the potential vulnerabilities that lie within. Understanding the use and application of honeypots and their associated dangers isn't just a theoretical exercise; it's a necessity. Cybersecurity professionals, threat analysts, and IT administrators stand at the forefront of this battlefield and should know the dangers that lurk in the logs.
Why do we run honeypots?
A honeypot is a system which is deliberately vulnerable. These honeypots are run by analysts all over the world and help to provide useful information.
The Internet Storm Center (ISC) at SANS utilizes honeypots for several reasons:
Threat intelligence for insights into techniques, tactics, and procedures.
Early warning of emerging attacks which would affect the broader information systems community.
Study and research of malware to develop better defense mechanisms.
Training and education which provides students with real-world attack scenarios.
Better training of students to prepare as cybersecurity professionals.
Read the full entry:
https://isc.sans.edu/diary/Potential+Weaponizing+of+Honeypot+Logs+Guest+Diary/30178/
Security Relevant DNS Records
Published: 2023-09-06
Last Updated: 2023-09-06 20:24:03 UTC
by Johannes Ullrich (Version: 1)
DNS has a big security impact. DNS is partly responsible for your traffic reaching the correct host on the internet. But there is more to DNS than name resolution. I am going to mention a few security-relevant record types here, in no particular order:
I did add some records mentioned by@hquest on Twitter.
DNSSEC (DNSKEY, RRSIG, DS, NSEC3, and others...)
That is probably the most obvious security-related feature. DNSSEC is used to digitally sign DNS records. It protects the integrity of DNS responses. Note that DNSSEC does nothing to protect the confidentiality of the data. DNS requests are not affected by DNSSEC either. There are a few different records related to DNSSEC:
DNSKEY: DNS records used to retrieve the public key used to verify the DNS signatures.
RRSIG: Signature for a particular DNS records
DS: Hash of a key used to verify the key integrity.
Read the full entry:
https://isc.sans.edu/diary/Security+Relevant+DNS+Records/30194/
Analysis of a Defective Phishing PDF
Published: 2023-09-03
Last Updated: 2023-09-03 13:24:59 UTC
by Didier Stevens (Version: 1)
A reader submitted a suspicious PDF file. TLDR: it's a defective phishing PDF.
Taking a look with pdfid.py, I see nothing special, but it contains stream objects...
With the recent PDF/ActiveMime polyglots in mind, I also use option -e to get some extra information...
Read the full entry:
https://isc.sans.edu/diary/Analysis+of+a+Defective+Phishing+PDF/30184/
Internet Storm Center Entries
Common usernames submitted to honeypots (2023.090.05)
https://isc.sans.edu/diary/Common+usernames+submitted+to+honeypots/30188/
Creating a YARA Rule to Detect Obfuscated Strings (2023.09.04)
https://isc.sans.edu/diary/Creating+a+YARA+Rule+to+Detect+Obfuscated+Strings/30186/
What is the origin of passwords submitted to honeypots? (2023.09.02)
https://isc.sans.edu/diary/What+is+the+origin+of+passwords+submitted+to+honeypots/30182/
The low, low cost of (committing) cybercrime (2023.08.31)
https://isc.sans.edu/diary/The+low+low+cost+of+committing+cybercrime/30176/
Recent CVEs
The list is assembled by pulling recent vulnerabilities from NIST NVD, Microsoft, Twitter mentions of vulnerabilities, ISC Diaries and Podcast, and the CISA list of known exploited vulnerabilities. There are also some unscored, but significant, vulnerabilities at the end. This includes vulnerabilities that have not been added to the NVD yet.
CVE-2023-34039 - Aria Operations for Networks has an Authentication Bypass vulnerability allowing unauthorized access to its CLI.
CVE-2023-41359 - FRRouting FRR through 9.0 allows an out-of-bounds read in bgp_attr_aigp_valid in bgpd/bgp_attr.c during AIGP validation due to a lack of byte availability check.
CVE-2023-41360 - FRRouting FRR through 9.0 allows unauthorized access to the initial byte of the ORF header in bgpd/bgp_packet.c.
CVE-2023-41361 - FRRouting FRR 9.0 allows for a potential remote code execution due to insufficient length validation in bgpd/bgp_open.c.
CVE-2023-23770 - Motorola MBTS Site Controller accepts hard-coded backdoor password that cannot be changed or disabled.
CVE-2023-40787 - SpringBlade V3.6.0 is vulnerable to SQL injection due to the absence of quotation marks around user-submitted parameters when executing SQL queries.
CVE-2023-40889 - ZBar 0.23.90 is vulnerable to a heap-based buffer overflow, enabling information disclosure and arbitrary code execution through specially crafted QR codes.
CVE-2023-40890 - ZBar 0.23.90 is vulnerable to a stack-based buffer overflow when processing specially crafted QR codes, allowing for potential information disclosure and arbitrary code execution via digital or physical scanning.
CVE-2021-3262 - TripSpark VEO Transportation-2.2.x-XP_BB-20201123-184084 NovusEDU-2.2.x-XP_BB-20201123-184084 allows SQL injection via unsafe data inputs in "Student Busing Information" search queries.
CVE-2020-18912 - An issue found in Earcms Ear App v.20181124 allows a remote attacker to execute arbitrary code via the uload/index-uplog.php.
CVE-2023-41265 - Qlik Sense Enterprise for Windows versions May 2023 Patch 3 and earlier, February 2023 Patch 7 and earlier, November 2022 Patch 10 and earlier, and August 2022 Patch 12 and earlier are vulnerable to remote privilege escalation through tunneling HTTP requests in the raw HTTP request, allowing execution of backend server commands; this has been fixed in subsequent patches August 2023 IR, May 2023 Patch 4, February 2023 Patch 8, November 2022 Patch 11, and August 2022 Patch 13.
CVE-2023-4596 - The Forminator plugin for WordPress allows unauthenticated attackers to upload arbitrary files on the affected site's server, potentially enabling remote code execution.
CVE-2023-41552 - Tenda AC7 V1.0 V15.03.06.44 and Tenda AC9 V3.0 V15.03.06.42_multi routers are susceptible to a stack overflow through the parameter ssid at the /goform/fast_setting_wifi_set URL.
CVE-2023-41553 - The Tenda AC9 V3.0 V15.03.06.42_multi and Tenda AC5 US_AC5V1.0RTL_V15.03.06.28 routers have a stack overflow vulnerability in the parameter list at url /goform/SetStaticRouteCfg.
CVE-2023-41554 - Tenda AC9 V3.0 V15.03.06.42_multi was discovered to contain a stack overflow via parameter wpapsk_crypto at url /goform/WifiExtraSet.
CVE-2023-41555 - Tenda AC7 V1.0 V15.03.06.44 was discovered to contain a stack overflow via parameter security_5g at url /goform/WifiBasicSet.
CVE-2023-41556 - Tenda AC7 V1.0, Tenda AC9 V3.0, and Tenda AC5 V1.0RTL_V15.03.06.28 suffer from a stack overflow vulnerability via parameter list at /goform/SetIpMacBind.
CVE-2023-41557 - Tenda AC7 V1.0 V15.03.06.44 and Tenda AC5 V1.0RTL_V15.03.06.28 suffer from a stack overflow vulnerability through parameter entrys and mitInterface at url /goform/addressNat.
CVE-2023-41558 - Tenda AC7 V1.0 V15.03.06.44 was discovered to contain a stack overflow via parameter timeZone at url /goform/SetSysTimeCfg.
CVE-2023-41559 - The Tenda AC7 V1.0 V15.03.06.44, Tenda AC9 V3.0 V15.03.06.42_multi, and Tenda AC5 V1.0RTL_V15.03.06.28 routers are vulnerable to a stack overflow via the parameter page at url /goform/NatStaticSetting.
CVE-2023-41560 - Tenda AC9 V3.0 V15.03.06.42_multi was discovered to contain a stack overflow via parameter firewallEn at url /goform/SetFirewallCfg.
CVE-2023-41561 - Tenda AC9 V3.0 V15.03.06.42_multi and Tenda AC5 US_AC5V1.0RTL_V15.03.06.28 suffer from a stack overflow vulnerability through startIp and endIp parameters in the /goform/SetPptpServerCfg URL.
CVE-2023-41562 - Tenda AC7, AC9, and AC5 router models are prone to a stack overflow vulnerability triggered by a time parameter in the /goform/PowerSaveSet URL.
CVE-2023-41563 - Tenda AC9 V3.0 and Tenda AC5 were found to have a stack overflow vulnerability due to a malformed parameter in the URL.
CVE-2023-40837 - Tenda AC6 US_AC6V1.0BR_V15.03.05.16 has a command execution vulnerability in the "sub_ADD50" function allowing execution of commands via unfiltered parameters from the "list" and "vlanId" fields in the "formSetIptv" function.
CVE-2023-40838 - Tenda AC6 US_AC6V1.0BR_V15.03.05.16_multi_TD01.bin function 'sub_3A1D0' contains a command execution vulnerability.
CVE-2023-40595 - Splunk Enterprise versions lower than 8.2.12, 9.0.6, and 9.1.1 allow an attacker to execute arbitrary code by exploiting a vulnerability that allows for serialization of untrusted data via a crafted query.
CVE-2023-40582 - find-exec versions prior to 1.0.3 are vulnerable to Command Injection, allowing attackers to execute malicious shell commands.
CVE-2023-31714 - Chitor-CMS before v1.1.2 was discovered to contain multiple SQL injection vulnerabilities.
Product: Waqaskanju Chitor-CMSCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-31714NVD References: - https://github.com/msd0pe-1/chitor-sqli- https://github.com/waqaskanju/Chitor-CMS/commit/69d34420ad382c91b0c285432418c1b0810128c1- https://github.com/waqaskanju/Chitor-CMS/releases/tag/Chitor-cms- https://www.exploit-db.com/exploits/51383CVE-2023-31424 - Brocade SANnav Web interface before Brocade SANnav v2.3.0 and v2.2.2a allows remote unauthenticated users to bypass web authentication and authorization.Product: Broadcom Brocade SANnavCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-31424NVD References: https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/22507CVE-2023-3162 - The Stripe Payment Plugin for WooCommerce plugin for WordPress is vulnerable to authentication bypass, allowing unauthenticated attackers to log in as users with orders.Product: Webtoffee Stripe Payment Plugin For WooCommerceCVSS Score: 9.8 AtRiskScore 30NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-3162NVD References: - https://plugins.trac.wordpress.org/browser/payment-gateway-stripe-and-woocommerce-integration/tags/3.7.7/includes/class-stripe-checkout.php#L640- https://plugins.trac.wordpress.org/changeset/2925361/payment-gateway-stripe-and-woocommerce-integration- https://www.wordfence.com/threat-intel/vulnerabilities/id/4d052f3e-8554-43f0-a5ae-1de09c198d7b?source=cveCVE-2023-28801 - Zscaler Admin UI improper verification of cryptographic signature in SAML authentication allows privilege escalation.Product: Zscaler Admin UICVSS Score: 9.6NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-28801NVD References: https://help.zscaler.com/zia/release-upgrade-summary-2023CVE-2023-41636 - GruppoSCAI RealGimm v1.1.37p38 is vulnerable to SQL injection, enabling attackers to execute arbitrary commands and access the database via a crafted SQL query.Product: GruppoSCAI RealGimmCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-41636NVD References: https://github.com/CapgeminiCisRedTeam/Disclosure/blob/main/CVE%20PoC/CVE-ID%20%7C%20RealGimm%20-%20SQL%20Injection(1).mdCVE-2023-41637 - GruppoSCAI RealGimm 1.1.37p38 allows attackers to execute arbitrary code by uploading a crafted HTML file through its Carica immagine function.Product: GruppoSCAI RealGimmCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-41637NVD References: https://github.com/CapgeminiCisRedTeam/Disclosure/blob/main/CVE%20PoC/CVE-ID%20%7C%20RealGimm%20-%20Stored%20Cross-site%20Scripting.mdCVE-2023-31175 - The SEL-5037 SEL Grid Configurator before 4.5.0.20 allows an attacker to execute system commands with the highest level privilege.Product: SELinc SEL-5037 SEL Grid ConfiguratorCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-31175NVD References: - https://selinc.com/support/security-notifications/external-reports/- https://www.nozominetworks.com/blog/CVE-2023-4299 - Digi RealPort Protocol allows authentication bypass through a replay attack, granting unauthorized access to connected equipment.Product: Digi RealPort ProtocolCVSS Score: 9.0NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-4299NVD References: - https://www.cisa.gov/news-events/ics-advisories/icsa-23-243-04- https://www.digi.com/getattachment/resources/security/alerts/realport-cves/Dragos-Disclosure-Statement.pdfCVE-2023-4696 - Improper Access Control in GitHub repository usememos/memos prior to 0.13.2.Product: Usememos MemosCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-4696NVD References: - https://github.com/usememos/memos/commit/c9aa2eeb9852047e4f41915eb30726bd25f07ecd- https://huntr.dev/bounties/4747a485-77c3-4bb5-aab0-21253ef303caCVE-2023-36326 - RELIC before commit 34580d840469361ba9b5f001361cad659687b9ab allows attackers to execute arbitrary code, cause a denial of service, and escalate privileges due to an Integer Overflow vulnerability in the bn_grow function's realloc call.Product: Relic Project CVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-36326NVD References: - https://github.com/relic-toolkit/relic/commit/34580d840469361ba9b5f001361cad659687b9ab- https://groups.google.com/g/relic-discuss/c/A_J2-ArVIAo/m/qgFiXsUJBQAJ?utm_medium=email&utm_source=footerCVE-2023-36327 - RELIC before commit 421f2e91cf2ba42473d4d54daf24e295679e290e allows arbitrary code execution and denial of service via an Integer Overflow vulnerability in the pos argument of the bn_get_prime function.Product: Relic Project CVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-36327NVD References: - https://github.com/relic-toolkit/relic/commit/421f2e91cf2ba42473d4d54daf24e295679e290e- https://groups.google.com/g/relic-discuss/c/A_J2-ArVIAo/m/qgFiXsUJBQAJ?utm_medium=email&utm_source=footerCVE-2023-36328 - Libtom libtommath before commit beba892bc0d4e4ded4d667ab1d2a94f4d75109a9 allows arbitrary code execution and DoS attacks due to an Integer Overflow vulnerability in mp_grow.Product: Libtommath…
CVE-2023-3162 - The Stripe Payment Plugin for WooCommerce plugin for WordPress is vulnerable to authentication bypass, allowing unauthenticated attackers to log in as users with orders.
CVE-2023-28801 - Zscaler Admin UI improper verification of cryptographic signature in SAML authentication allows privilege escalation.
CVE-2023-41636 - GruppoSCAI RealGimm v1.1.37p38 is vulnerable to SQL injection, enabling attackers to execute arbitrary commands and access the database via a crafted SQL query.
CVE-2023-41637 - GruppoSCAI RealGimm 1.1.37p38 allows attackers to execute arbitrary code by uploading a crafted HTML file through its Carica immagine function.
CVE-2023-31175 - The SEL-5037 SEL Grid Configurator before 4.5.0.20 allows an attacker to execute system commands with the highest level privilege.
CVE-2023-4299 - Digi RealPort Protocol allows authentication bypass through a replay attack, granting unauthorized access to connected equipment.
CVE-2023-4696 - Improper Access Control in GitHub repository usememos/memos prior to 0.13.2.
CVE-2023-36326 - RELIC before commit 34580d840469361ba9b5f001361cad659687b9ab allows attackers to execute arbitrary code, cause a denial of service, and escalate privileges due to an Integer Overflow vulnerability in the bn_grow function's realloc call.
CVE-2023-36327 - RELIC before commit 421f2e91cf2ba42473d4d54daf24e295679e290e allows arbitrary code execution and denial of service via an Integer Overflow vulnerability in the pos argument of the bn_get_prime function.
CVE-2023-36328 - Libtom libtommath before commit beba892bc0d4e4ded4d667ab1d2a94f4d75109a9 allows arbitrary code execution and DoS attacks due to an Integer Overflow vulnerability in mp_grow.
CVE-2023-39631 - LanChain-ai Langchain v.0.0.245 allows remote code execution through the evaluate function in the numexpr library.
CVE-2023-4708 - Infosoftbd Clcknshop 1.0.0 is vulnerable to remote SQL injection due to improper handling of the GET Parameter Handler component, allowing attackers to manipulate the argument tag.
CVE-2023-1523 - The TIOCLINUX ioctl request in snaps allows a malicious snap to inject contents into the input of the controlling terminal, leading to the execution of arbitrary commands outside of the snap sandbox upon exit, but only when run on a virtual console.
Product: TIOCLINUX snapCVSS Score: 10.0NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-1523NVD References: - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1523- https://github.com/snapcore/snapd/pull/12849- https://marc.info/?l=oss-security&m=167879021709955&w=2- https://ubuntu.com/security/notices/USN-6125-1CVE-2023-39979 - MXsecurity versions prior to 1.0.1 allow remote attackers to bypass authentication by exploiting insufficient random values in the web service authenticator.Product: MXsecurityCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-39979NVD References: https://www.moxa.com/en/support/product-support/security-advisory/mpsa-230403-mxsecurity-series-multiple-vulnerabilitiesCVE-2023-3703 - Proscend Advice ICR Series routers FW version 1.76 - CWE-1392: Use of Default CredentialsProduct: Proscend Advice ICR Series routersCVSS Score: 10.0NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-3703NVD References: https://www.gov.il/en/Departments/faq/cve_advisoriesCVE-2023-4613 - LG LED Assistant allows remote attackers to execute arbitrary code by exploiting a lack of authentication in the /api/settings/upload endpoint, enabling code execution in the context of the current user.Product: LG LED AssistantCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-4613NVD References: - https://lgsecurity.lge.com/bulletins/idproducts#updateDetails- https://www.zerodayinitiative.com/advisories/ZDI-23-1221/CVE-2023-4614 - LG LED Assistant allows remote attackers to execute arbitrary code without authentication by exploiting a lack of validation in the /api/installation/setThumbnailRc endpoint, enabling code execution with current user privileges.Product: LG LED Assistant CVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-4614NVD References: - https://lgsecurity.lge.com/bulletins/idproducts#updateDetails- https://www.zerodayinitiative.com/advisories/ZDI-23-1222/CVE-2023-28562 - Memory corruption while handling payloads from remote ESL.Product: No vendor and product name are given in the vulnerability description provided. CVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-28562NVD References: https://www.qualcomm.com/company/product-security/bulletins/september-2023-bulletinCVE-2023-28581 - Memory corruption in WLAN Firmware while parsing receieved GTK Keys in GTK KDE.Product: WLAN Firmware GTK KDECVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-28581NVD References: https://www.qualcomm.com/company/product-security/bulletins/september-2023-bulletinCVE-2023-3374 - Incomplete List of Disallowed Inputs vulnerability in Bookreen allows Privilege Escalation.This issue affects Bookreen: before 3.0.0.Product: Bookreen CVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-3374NVD References: https://www.usom.gov.tr/bildirim/tr-23-0489CVE-2023-3375 - Unrestricted Upload of File with Dangerous Type vulnerability in Bookreen allows OS Command Injection.This issue affects Bookreen: before 3.0.0.Product: Bookreen CVSS Score: 9.1NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-3375NVD References: https://www.usom.gov.tr/bildirim/tr-23-0489CVE-2017-9453 - BMC Server Automation before 8.9.01 patch 1 allows Process Spawner command execution because of authentication bypass.Product: BMC Server AutomationCVSS Score: 9.0NVD: https://nvd.nist.gov/vuln/detail/CVE-2017-9453NVD References: https://docs.bmc.com/docs/serverautomation/2002/notification-of-critical-security-issue-in-bmc-server-automation-cve-2017-9453-1020706453.htmlCVE-2023-35065 - Osoft Paint Production Management before 2.1 is vulnerable to SQL Injection.Product: Osoft Paint Production ManagementCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-35065NVD References: https://www.usom.gov.tr/bildirim/tr-23-0490CVE-2023-35068 - BMA Personnel Tracking System before 20230904 is vulnerable to SQL Injection.Product: BMA Personnel Tracking SystemCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-35068NVD References: https://www.usom.gov.tr/bildirim/tr-23-0491CVE-2023-35072 - Coyav Travel Proagent before 20230904 allows SQL Injection.Product: Coyav ProagentCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-35072NVD References: https://www.usom.gov.tr/bildirim/tr-23-0492CVE-2023-3616 - Mava Software Hotel Management System before 2.0 allows SQL Injection.Product: Mava Software Hotel Management SystemCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-3616NVD References: https://www.usom.gov.tr/bildirim/tr-23-0493CVE-2023-4034 - Smartrise Document Management System before Hvl-2.0 allows SQL Injection.Product: Digita Information Technology Smartrise Document Management SystemCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-4034NVD References: https://www.usom.gov.tr/bildirim/tr-23-0494CVE-2023-4531 - Mestav Software E-commerce Software before 20230901 is vulnerable to SQL Injection.Product: Mestav Software E-commerce SoftwareCVSS Score: 9.8NVD: https://nvd.nist.gov/…
CVE-2023-39979 - MXsecurity versions prior to 1.0.1 allow remote attackers to bypass authentication by exploiting insufficient random values in the web service authenticator.
CVE-2023-3703 - Proscend Advice ICR Series routers FW version 1.76 - CWE-1392: Use of Default Credentials
CVE-2023-4613 - LG LED Assistant allows remote attackers to execute arbitrary code by exploiting a lack of authentication in the /api/settings/upload endpoint, enabling code execution in the context of the current user.
CVE-2023-4614 - LG LED Assistant allows remote attackers to execute arbitrary code without authentication by exploiting a lack of validation in the /api/installation/setThumbnailRc endpoint, enabling code execution with current user privileges.
CVE-2023-28562 - Memory corruption while handling payloads from remote ESL.
CVE-2023-28581 - Memory corruption in WLAN Firmware while parsing receieved GTK Keys in GTK KDE.
CVE-2023-3374 - Incomplete List of Disallowed Inputs vulnerability in Bookreen allows Privilege Escalation.This issue affects Bookreen: before 3.0.0.
CVE-2023-3375 - Unrestricted Upload of File with Dangerous Type vulnerability in Bookreen allows OS Command Injection.This issue affects Bookreen: before 3.0.0.
CVE-2017-9453 - BMC Server Automation before 8.9.01 patch 1 allows Process Spawner command execution because of authentication bypass.
cve-2017-9453 - 1020706453.html
cve-2017-9453-1020706453.html">https://docs.bmc.com/docs/serverautomation/2002/notification-of-critical-security-issue-in-bmc-server-automation-cve-2017-9453-1020706453.html
CVE-2023-35065 - Osoft Paint Production Management before 2.1 is vulnerable to SQL Injection.
CVE-2023-35068 - BMA Personnel Tracking System before 20230904 is vulnerable to SQL Injection.
CVE-2023-35072 - Coyav Travel Proagent before 20230904 allows SQL Injection.
CVE-2023-3616 - Mava Software Hotel Management System before 2.0 allows SQL Injection.
CVE-2023-4034 - Smartrise Document Management System before Hvl-2.0 allows SQL Injection.
CVE-2023-4531 - Mestav Software E-commerce Software before 20230901 is vulnerable to SQL Injection.
CVE-2023-39361 - Cacti is vulnerable to a SQL injection in graph_view.php, allowing remote attackers to potentially gain administrative privileges or execute remote code.
CVE-2023-4485 - ARDEREG ?Sistema SCADA Central versions 2.203 and prior login page is vulnerable to unauthenticated blind SQL injection allowing unauthorized access, data leakage, and disruption of critical industrial processes.
CVE-2023-36895 - Microsoft Outlook Remote Code Execution Vulnerability
CVE-2023-35785 - Zoho ManageEngine ADManager Plus through 7186 is vulnerable to 2FA bypass.
Sponsors
SANS
*********** Sponsored By SANS ***********Skip sleigh and surf with Santa for this year’s Holiday Hack Challenge! Start practicing with our past challenges and subscribe to be notified when HHC 2023 is open. A lot of fun in the sun will come this year, and you better watch out! | Start Now:
CardinalOps
Take the SANS Detection Engineering Survey to share your insights on the state of practice in “detection engineering” and provide guidance on how to improve your capabilities in keeping up with rapidly changing threats. As a special thank you, you'll be entered into our drawing for a chance to win a $250 Amazon gift card. Take the survey now:
SANS
*********** Sponsored By SANS ***********Skip sleigh and surf with Santa for this year’s Holiday Hack Challenge! Start practicing with our past challenges and subscribe to be notified when HHC 2023 is open. A lot of fun in the sun will come this year, and you better watch out! | Start Now:
Cloudflare
Upcoming Webcast on Tue, September 19 | How Cloudflare Helps Financial Institutions Improve Visibility Into a Complex Threat Landscape - Q2 Case Study | Register now: