SEC595: Applied Data Science and AI/Machine Learning for Cybersecurity Professionals
SEC595Cyber Defense
SANS Community Benefits
Connect, learn, and share with other cybersecurity professionals
VOLUME 23ISSUE 36
The Consensus Security Vulnerability Alert
Internet Storm Center Spotlight
ISC provides a free analysis and warning service to thousands of Internet users and organizations, and is actively working with Internet Service Providers to fight back against the most malicious attackers. https://isc.sans.edu/about.html
Microsoft September 2023 Patch Tuesday
Published: 2023-09-12
Last Updated: 2023-09-12 20:37:17 UTC
by Renato Marinho (Version: 1)
This month we got patches for 66 vulnerabilities. Of these, 5 are critical, and 2 are already being exploited, according to Microsoft.
One of the exploited vulnerabilities is a Microsoft Streaming Service Proxy Elevation of Privilege Vulnerability (CVE-2023-36802). According to the advisory, an attacker who successfully exploited this vulnerability could gain SYSTEM privileges. The CVSS for this vulnerability is 6.8.
The second one is a Microsoft Word Information Disclosure Vulnerability (CVE-2023-36761). According to the advisory, the Preview Pane is an attack vector and exploiting this vulnerability could allow the disclosure of NTLM hashes.
Regarding critical vulnerabilities, one of them is a Remote Code Execution (RCE) vulnerability on Internet Connection Sharing (ICS) (CVE-2023-38148). According to the advisory, an unauthorized attacker could exploit this Internet Connection Sharing (ICS) vulnerability by sending a specially crafted network packet to the Internet Connection Sharing (ICS) Service. This vulnerability requires no user interaction and no privileges. The CVSS is 8.8 - the highest for this month.
The second highest CVSS this month is associated to a RCE affecting Visual Studio (CVE-2023-36793). To exploit this vulnerability an attacker would have to convince a user to open a maliciously crafted package file in Visual Studio. The CVSS is 7.8.
Read the full entry:
https://isc.sans.edu/diary/Microsoft+September+2023+Patch+Tuesday/30214/
Apple fixes 0-Day Vulnerability in Older Operating Systems
Published: 2023-09-11
Last Updated: 2023-09-11 18:32:28 UTC
by Johannes Ullrich (Version: 1)
This update fixes the ImageIO vulnerability Apple patched for current operating systems last week. Now, Apple follows up with a patch for its older, but still supported, operating system versions.
According to Citizen Lab, this vulnerability is already being exploited. Exploitation took advantage of the ImageIO vulnerability and a vulnerability in the Apple wallet "PassKit" API to send a "Pass" to the victim, including the malicious image. These older operating systems support PassKit, but it needs to be clarified if they are vulnerable to the PassKit issue.
More details:
Apple: https://support.apple.com/en-us/HT201222
Citizen Lab: https://citizenlab.ca/2023/09/blastpass-nso-group-iphone-zero-click-zero-day-exploit-captured-in-the-wild/
Read the full entry:
https://isc.sans.edu/diary/Apple+fixes+0Day+Vulnerability+in+Older+Operating+Systems/30210/
Apple Releases iOS/iPadOS 16.6.1, macOS 13.5.2, watchOS 9.6.2 fixing two zeroday vulnerabilities
Published: 2023-09-07
Last Updated: 2023-09-08 14:57:04 UTC
by Johannes Ullrich (Version: 1)
Read the full entry:
Internet Storm Center Entries
Quickie: Generating a YARA Rule to Detect Obfuscated Strings (2023.09.10)
https://isc.sans.edu/diary/Quickie+Generating+a+YARA+Rule+to+Detect+Obfuscated+Strings/30206/
?Anyone get the ASN of the Truck that Hit Me?!?: Creating a PowerShell Function to Make 3rd Party API Calls for Extending Honeypot Information [Guest Diary] (2023.09.09)
Fleezeware/Scareware Advertised via Facebook Tags; Available in Apple App Store (2023.09.07)
Recent CVEs
The list is assembled by pulling recent vulnerabilities from NIST NVD, Microsoft, Twitter mentions of vulnerabilities, ISC Diaries and Podcast, and the CISA list of known exploited vulnerabilities. There are also some unscored, but significant, vulnerabilities at the end. This includes vulnerabilities that have not been added to the NVD yet.
CVE-2023-36802 - Microsoft Streaming Service Proxy Elevation of Privilege Vulnerability
CVE-2023-36761 - Microsoft Word Information Disclosure Vulnerability
CVE-2023-4863 - Chromium:
CVE-2023-41064 - macOS Ventura, iOS, and iPadOS versions 13.5.2, 16.6.1 are susceptible to arbitrary code execution due to a buffer overflow issue involving image processing, potentially being actively exploited.
CVE-2023-36793 - Visual Studio Remote Code Execution Vulnerability
CVE-2023-38148 - Internet Connection Sharing (ICS) Remote Code Execution Vulnerability
CVE-2023-41061 - watchOS, iOS, and iPadOS versions 9.6.2, 16.6.1, and 16.6.1 allow for arbitrary code execution through a malicious attachment, with reports of active exploitation.
CVE-2023-20269 - Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software have a vulnerability that allows remote attackers to conduct brute force attacks or establish unauthorized SSL VPN sessions.
CVE-2023-20238 - The vulnerability in Cisco BroadWorks Application Delivery Platform and Cisco BroadWorks Xtended Services Platform allows an unauthenticated, remote attacker to forge credentials and gain unauthorized access to the system.
CVE-2023-35892 - IBM Financial Transaction Manager for SWIFT Services 3.2.4 is vulnerable to an XXE attack, allowing remote attackers to expose sensitive information or consume memory resources.
CVE-2023-28543 - SNPE library is vulnerable to memory corruption due to out of bounds read triggered by a malformed DLC, exposing it to potential attacks when loading untrusted models.
CVE-2023-28562 - Memory corruption while handling payloads from remote ESL.
CVE-2023-28581 - Memory corruption in WLAN Firmware while parsing receieved GTK Keys in GTK KDE.
CVE-2023-41910 - lldpd before 1.0.17 allows remote attackers to cause an out-of-bounds read on heap memory by crafting a CDP PDU packet.
CVE-2023-40743 - Apache Axis 1.x allows for potentially dangerous lookup mechanisms when using "ServiceFactory.getService" to integrate into an application, exposing it to DoS, SSRF, RCE, and should be replaced with a different SOAP engine or patched.
CVE-2023-36361 - Audimexee v14.1.7 was discovered to contain a SQL injection vulnerability via the p_table_name parameter.
CVE-2023-41012 - China Mobile Intelligent Home Gateway v.HG6543C4 allows remote code execution through the authentication mechanism.
CVE-2023-31242 - Open Automation Software OAS Platform v18.00.0072 is vulnerable to an authentication bypass through a specially-crafted series of network requests.
CVE-2023-3374 - Incomplete List of Disallowed Inputs vulnerability in Bookreen allows Privilege Escalation.This issue affects Bookreen: before 3.0.0.
CVE-2017-9453 - BMC Server Automation before 8.9.01 patch 1 allows Process Spawner command execution because of authentication bypass.
cve-2017-9453 - 1020706453.html
cve-2017-9453-1020706453.html">https://docs.bmc.com/docs/serverautomation/2002/notification-of-critical-security-issue-in-bmc-server-automation-cve-2017-9453-1020706453.html
CVE-2023-35065 - Osoft Paint Production Management before 2.1 is vulnerable to SQL Injection.
CVE-2023-35068 - BMA Personnel Tracking System before 20230904 is vulnerable to SQL Injection.
CVE-2023-35072 - Coyav Travel Proagent before 20230904 allows SQL Injection.
CVE-2023-39681 - Cuppa CMS v1.0 is affected by a remote code execution (RCE) vulnerability when the email_outgoing parameter at /Configuration.php is manipulated with a crafted payload.
CVE-2023-3616 - Mava Software Hotel Management System before 2.0 allows SQL Injection.
CVE-2023-4034 - Smartrise Document Management System before Hvl-2.0 allows SQL Injection.
CVE-2023-4178 - Authentication Bypass by Spoofing vulnerability in Neutron Neutron Smart VMS allows Authentication Bypass.This issue affects Neutron Smart VMS: before b1130.1.0.1.
CVE-2023-4531 - Mestav Software E-commerce Software before 20230901 is vulnerable to SQL Injection.
Product: Mestav E-Commerce SoftwareCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-4531NVD References: https://www.usom.gov.tr/bildirim/tr-23-0495CVE-2023-39654 - abupy up to v0.4.0 was discovered to contain a SQL injection vulnerability via the component abupy.MarketBu.ABuSymbol.search_to_symbol_dict.Product: Abuquant AbupyCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-39654NVD References: - https://github.com/Leeyangee/leeya_bug/blob/main/%5BWarning%5DSQL%20Injection%20in%20abupy%20%3C=%20v0.4.0.md- https://github.com/bbfamily/abuCVE-2023-41009 - The adlered bolo-solo v.2.6 file upload vulnerability allows remote code execution via a crafted script to the authorization field in the header.Product: Adlered Bolo-SoloCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-41009NVD References: - http://adlered.com- https://github.com/Rabb1tQ/HillstoneCVEs/blob/main/CVE-2023-41009/CVE-2023-41009.md- https://github.com/adlered/bolo-soloCVE-2023-39361 - Cacti is vulnerable to a SQL injection in graph_view.php, allowing remote attackers to potentially gain administrative privileges or execute remote code.Product: Cacti CVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-39361NVD References: https://github.com/Cacti/cacti/security/advisories/GHSA-6r43-q2fw-5wrgCVE-2023-41508 - A hard coded password in Super Store Finder v3.6 allows attackers to access the administration panel.Product: Superstorefinder Super Store FinderCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-41508NVD References: - https://github.com/redblueteam/CVE-2023-41508/- https://superstorefinder.net/support/forums/topic/super-store-finder-patch-notes/CVE-2023-4310 - BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) versions 23.2.1 and 23.2.2 allow unauthenticated remote attackers to execute commands with site user context via a malicious HTTP request, fixed in version 23.2.3.Product: BeyondTrust Privileged Remote AccessCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-4310NVD References: - https://beyondtrustcorp.service-now.com/csm?id=kb_article_view&sysparm_article=KB0020207- https://www.beyondtrust.com/blog/entry/security-update-for-remote-support-and-privileged-remote-accessCVE-2023-41507 - Super Store Finder v3.6 is vulnerable to SQL injection via the products, distance, lat, and lng parameters in the store locator component.Product: Super Store FinderCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-41507NVD References: - https://github.com/redblueteam/CVE-2023-41507/- https://superstorefinder.net/support/forums/topic/super-store-finder-patch-notes/CVE-2023-4761 - Chromium: CVE-2023-4761 Out of bounds memory access in FedCMProduct: Google ChromeCVSS Score: 0NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-4761ISC Diary: https://isc.sans.edu/diary/30214MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4761NVD References: - https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop.html- https://crbug.com/1476403- https://www.debian.org/security/2023/dsa-5491CVE-2023-4762 - Chromium: CVE-2023-4762 Type Confusion in V8Product: Google ChromeCVSS Score: 0NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-4762ISC Diary: https://isc.sans.edu/diary/30214MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4762NVD References: - https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop.html- https://crbug.com/1473247- https://www.debian.org/security/2023/dsa-5491CVE-2023-4763 - Chromium: CVE-2023-4763 Use after free in NetworksProduct: Google ChromeCVSS Score: 0NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-4763ISC Diary: https://isc.sans.edu/diary/30214MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4763NVD References: - https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop.html- https://crbug.com/1469928- https://www.debian.org/security/2023/dsa-5491CVE-2023-4764 - Chromium: CVE-2023-4764 Incorrect security UI in BFCacheProduct: Google ChromeCVSS Score: 0NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-4764ISC Diary: https://isc.sans.edu/diary/30214MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4764NVD References: - https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop.html- https://crbug.com/1447237- https://www.debian.org/security/2023/dsa-5491CVE-2023-4485 - ARDEREG ?Sistema SCADA Central versions 2.203 and prior login page is vulnerable to unauthenticated blind SQL injection allowing unauthorized access, data leakage, and disruption of critical industrial processes.Product: Ardereg Sistemas ScadaCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-4485NVD References: https://www.cisa.gov/news-events/ics-advisories/icsa-23-243-01CVE-2023-30723 - Samsung Health prior to version 6.24.2.011 allows attackers to write arbitrary files with Samsung Health…
CVE-2023-41009 - The adlered bolo-solo v.2.6 file upload vulnerability allows remote code execution via a crafted script to the authorization field in the header.
CVE-2023-39361 - Cacti is vulnerable to a SQL injection in graph_view.php, allowing remote attackers to potentially gain administrative privileges or execute remote code.
CVE-2023-41508 - A hard coded password in Super Store Finder v3.6 allows attackers to access the administration panel.
CVE-2023-4310 - BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) versions 23.2.1 and 23.2.2 allow unauthenticated remote attackers to execute commands with site user context via a malicious HTTP request, fixed in version 23.2.3.
CVE-2023-41507 - Super Store Finder v3.6 is vulnerable to SQL injection via the products, distance, lat, and lng parameters in the store locator component.
CVE-2023-4761 - Chromium:
CVE-2023-4762 - Chromium:
CVE-2023-4763 - Chromium:
CVE-2023-4764 - Chromium:
CVE-2023-4485 - ARDEREG ?Sistema SCADA Central versions 2.203 and prior login page is vulnerable to unauthenticated blind SQL injection allowing unauthorized access, data leakage, and disruption of critical industrial processes.
CVE-2023-30723 - Samsung Health prior to version 6.24.2.011 allows attackers to write arbitrary files with Samsung Health privilege due to an improper input validation vulnerability.
CVE-2023-4634 - The Media Library Assistant plugin for WordPress up to and including version 3.09 is vulnerable to Local File Inclusion and Remote Code Execution.
CVE-2023-41149 - F-RevoCRM versions 7.3.7 and 7.3.8 have an OS command injection vulnerability, allowing an attacker to execute arbitrary OS commands on the server.
CVE-2023-37941 - Apache Superset versions 1.5.0 up to and including 2.1.0 allow an attacker with write access to the metadata database to execute remote code on the web backend through a malicious Python object.
CVE-2023-41330 - The knplabs/knp-snappy PHP library is vulnerable to remote code execution through PHAR deserialization due to a bypass in the fix for
CVE-2020-10131 - SearchBlox before Version 9.2.1 is vulnerable to CSV macro injection in "Featured Results" parameter.
CVE-2023-23623 - Electron framework does not respect Content-Security-Policy when sandbox is disabled, allowing unexpected usage of eval() and new Function methods, creating an expanded attack surface.
CVE-2023-39956 - Electron:
CVE-2023-39956 - Electron:
CVE-2023-39956 - Visual Studio Code Remote Code Execution Vulnerability
CVE-2023-39967 - WireMock allows for arbitrary service forwarding when certain request URLs are used in its configuration fields, potentially exposing three attack vectors and allowing for unauthorized access to the WireMock instance.
CVE-2023-40397 - macOS Ventura 13.5 allows remote attackers to execute arbitrary JavaScript code due to inadequate checks.
CVE-2023-39238 - ASUS RT-AX56U V2 allows unauthenticated remote attackers to perform remote arbitrary code execution and disrupt service due to a format string vulnerability in its set_iperf3_svr.cgi module.
CVE-2023-39239 - ASUS RT-AX56U V2's General function API allows unauthenticated remote attackers to execute remote arbitrary code, perform arbitrary system operations, or disrupt service due to a format string vulnerability in its apply.cgi module.
CVE-2023-39240 - ASUS RT-AX56U V2’s iperf client function API allows an unauthenticated remote attacker to execute arbitrary code or disrupt service through a format string vulnerability in its set_iperf3_cli.cgi module.
CVE-2023-39422 - Next Generation booking engine's /irmdata/api/ endpoints expose HMAC tokens in a client-side JavaScript file, rendering the authentication mechanism useless.
CVE-2023-39423 - RDPData.dll in the vulnerable product exposes an endpoint which can be exploited to leak session IDs and impersonate logged-in users using a UNION SQL operator.
CVE-2023-40942 - Tenda AC9 V3.0BR_V15.03.06.42_multi_TD01 was discovered stack overflow via parameter 'firewall_value' at url /goform/SetFirewallCfg.
CVE-2023-30908 - Hewlett Packard Enterprise OneView Software is vulnerable to remote exploitation, enabling unauthorized access, sensitive information disclosure, and denial of service.
Product: HP OneViewCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-30908NVD References: https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=hpesbgn04530en_usCVE-2023-40029 - Argo CD is vulnerable to an information disclosure issue due to the storage of sensitive information in the `kubectl.kubernetes.io/last-applied-configuration` annotation of cluster secrets.Product: Argo CDproduct name, KubernetesCVSS Score: 9.9NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-40029NVD References: - https://github.com/argoproj/argo-cd/commit/4b2e5b06bff2ffd8ed1970654ddd8e55fc4a41c4- https://github.com/argoproj/argo-cd/pull/7139- https://github.com/argoproj/argo-cd/security/advisories/GHSA-fwr2-64vr-xv9mCVE-2021-27715 - MoFi Network MOFI4500-4GXeLTE-V2 3.5.6-xnet-5052 allows attackers to bypass authentication and execute arbitrary code via crafted HTTP request.Product: MoFi Network MOFI4500-4GXeLTE-V2CVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2021-27715NVD References: - http://mofi.com- https://www.nagarro.com/services/security/mofi-cve-security-advisoryCVE-2023-37759 - Crypto Currency Tracker (CCT) before v9.5 allows unauthenticated attackers to register as an Admin account via a crafted POST request.Product: Trendylogics Crypto Currency TrackerCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-37759NVD References: - https://codecanyon.net/item/crypto-currency-tracker-prices-charts-news-icos-info-and-more/21588008- https://packetstormsecurity.com/files/174240/Crypto-Currency-Tracker-CCT-9.5-Add-Administrator.html- https://tregix.com/CVE-2023-41615 - Zoo Management System v1.0 is vulnerable to SQL injection via the username and password fields in the Admin sign-in page.Product: Zoo Management System Project CVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-41615NVD References: - https://medium.com/@guravtushar231/sql-injection-in-login-field-a9073780f7e8- https://phpgurukul.com/student-management-system-using-php-and-mysql/- https://portswigger.net/web-security/sql-injectionCVE-2023-39320 - Go versions 1.21 and earlier allow execution of scripts and binaries relative to the root of the module when "go" command is used within the module, regardless of whether downloaded from module proxy or VCS software.Product: Golang CVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-39320NVD References: - https://go.dev/cl/526158- https://go.dev/issue/62198- https://groups.google.com/g/golang-dev/c/2C5vbR-UNkI/m/L1hdrPhfBAAJ- https://pkg.go.dev/vuln/GO-2023-2042CVE-2023-42268 - Jeecg boot up to v3.5.3 was discovered to contain a SQL injection vulnerability via the component /jeecg-boot/jmreport/show.Product: Jeecg BootCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-42268NVD References: https://github.com/jeecgboot/jeecg-boot/issues/5311CVE-2022-33164 - IBM Security Directory Server 7.2.0 allows remote attackers to traverse directories and view or write arbitrary files on the system by sending a specially crafted URL request.Product: IBM Security Directory ServerCVSS Score: 9.1NVD: https://nvd.nist.gov/vuln/detail/CVE-2022-33164NVD References: - https://exchange.xforce.ibmcloud.com/vulnerabilities/228579- https://www.ibm.com/support/pages/node/7031021CVE-2023-42276 - hutool v5.8.21 was discovered to contain a buffer overflow via the component jsonArray.Product: Hutool CVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-42276NVD References: https://github.com/dromara/hutool/issues/3286CVE-2023-42277 - hutool v5.8.21 was discovered to contain a buffer overflow via the component jsonObject.putByPath.Product: Hutool CVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-42277NVD References: https://github.com/dromara/hutool/issues/3285CVE-2023-4845 - SourceCodester Simple Membership System 1.0 is vulnerable to remote SQL injection via the admin_id parameter in account_edit_query.php (VDB-239254).Product: Simple Membership System Project CVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-4845NVD References: - https://github.com/BigBaos/MemShipVul/blob/main/Simple-Membership-System%20account_edit_query.php%20has%20Sqlinjection.pdf- https://vuldb.com/?ctiid.239254- https://vuldb.com/?id.239254CVE-2023-4848 - SourceCodester Simple Book Catalog App 1.0 is vulnerable to remote SQL injection through the delete_book.php functionality (CVE-2021-XXXXX).Product: Simple Book Catalog App Project CVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-4848NVD References: - https://skypoc.wordpress.com/2023/09/04/sourcecodester-simple-book-catalog-app-v1-0-has-multiple-vulnerabilities/- https://vuldb.com/?ctiid.239257- https://vuldb.com/?id.239257CVE-2023-4871 - SourceCodester Contact Manager App 1.0 is susceptible to remote SQL injection via manipulated argument contact/contactName in delete.php (VDB-239356).Product: Contact Manager App Project CVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-4871NVD References: - https…
CVE-2021-27715 - MoFi Network MOFI4500-4GXeLTE-V2 3.5.6-xnet-5052 allows attackers to bypass authentication and execute arbitrary code via crafted HTTP request.
CVE-2023-37759 - Crypto Currency Tracker (CCT) before v9.5 allows unauthenticated attackers to register as an Admin account via a crafted POST request.
CVE-2023-41615 - Zoo Management System v1.0 is vulnerable to SQL injection via the username and password fields in the Admin sign-in page.
CVE-2023-39320 - Go versions 1.21 and earlier allow execution of scripts and binaries relative to the root of the module when "go" command is used within the module, regardless of whether downloaded from module proxy or VCS software.
CVE-2023-42268 - Jeecg boot up to v3.5.3 was discovered to contain a SQL injection vulnerability via the component /jeecg-boot/jmreport/show.
CVE-2022-33164 - IBM Security Directory Server 7.2.0 allows remote attackers to traverse directories and view or write arbitrary files on the system by sending a specially crafted URL request.
CVE-2023-42276 - hutool v5.8.21 was discovered to contain a buffer overflow via the component jsonArray.
CVE-2023-42277 - hutool v5.8.21 was discovered to contain a buffer overflow via the component jsonObject.putByPath.
CVE-2023-4845 - SourceCodester Simple Membership System 1.0 is vulnerable to remote SQL injection via the admin_id parameter in account_edit_query.php (VDB-239254).
CVE-2023-4848 - SourceCodester Simple Book Catalog App 1.0 is vulnerable to remote SQL injection through the delete_book.php functionality (CVE-2021-XXXXX).
CVE-2023-4871 - SourceCodester Contact Manager App 1.0 is susceptible to remote SQL injection via manipulated argument contact/contactName in delete.php (VDB-239356).
CVE-2023-4872 - SourceCodester Contact Manager App 1.0 is vulnerable to remote SQL injection via the contactName parameter in add.php, allowing attackers to exploit the application's security.
CVE-2023-36140 - PHPJabbers Cleaning Business Software 1.0 lacks encryption on user passwords, enabling attackers to infiltrate all user accounts.
CVE-2020-19319 - Buffer overflow vulnerability in DLINK 619L version B 2.06beta via the FILECODE parameter on login.
CVE-2020-19320 - Buffer overflow vulnerability in DLINK 619L version B 2.06beta via the curTime parameter on login.
CVE-2023-31067 - TSplus Remote Access through 16.0.2.14 allows Full Control permissions for Everyone on directories under %PROGRAMFILES(X86)%\TSplus\Clients\www.
CVE-2023-31068 - TSplus Remote Access through 16.0.2.14 grants Full Control permissions for Everyone on certain directories under %PROGRAMFILES(X86)%\TSplus\UserDesktop\themes.
CVE-2023-41256 - Dover Fueling Solutions MAGLINK LX Web Console Configuration versions 2.5.1, 2.5.2, 2.5.3, 2.6.1, 2.11, 3.0, 3.2, and 3.3 allow an unauthorized attacker to obtain user access through an authentication bypass vulnerability.
CVE-2023-40150 - Softneta MedDream PACS v7.2.8.810 and prior allows unauthenticated remote code execution due to lack of authentication checks and unsafe functionality.
CVE-2023-40944 - Schoolmate 1.3 is vulnerable to SQL Injection in the variable $schoolname from Database at ~\header.php.
CVE-2023-40945 - Sourcecodester Doctor Appointment System 1.0 is vulnerable to SQL Injection in the variable $userid at doctors\myDetails.php.
CVE-2023-40946 - Schoolmate 1.3 is vulnerable to SQL Injection in the variable $username from SESSION in ValidateLogin.php.
Product: Schoolmate Project CVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-40946NVD References: https://github.com/KLSEHB/vulnerability-report/blob/main/Schoolmate_CVE-2023-40946CVE-2023-35674 - The vulnerable product, WindowState.java, allows for a logic error in the onCreate function that can enable the launch of a background activity, potentially resulting in local escalation of privilege without requiring extra execution privileges or user interaction.Product: WindowState.javaCVSS Score: 0** KEV since 2023-09-13 **NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-35674NVD References: - https://android.googlesource.com/platform/frameworks/base/+/7428962d3b064ce1122809d87af65099d1129c9e- https://source.android.com/security/bulletin/2023-09-01CVE-2023-40309 - SAP CommonCryptoLib lacks authentication checks, enabling an authenticated user to exploit restricted functionality and access, modify, or erase restricted data.Product: SAP CommonCryptoLibCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-40309NVD References: - https://me.sap.com/notes/3340576- https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.htmlCVE-2023-40622 - SAP BusinessObjects Business Intelligence Platform (Promotion Management) versions 420, 430 allow authenticated attackers to view restricted sensitive information, compromising the application's confidentiality, integrity, and availability.Product: SAP BusinessObjects Business Intelligence Platform (Promotion Management)CVSS Score: 9.9NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-40622NVD References: - https://me.sap.com/notes/3320355- https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.htmlCVE-2022-24093 - Adobe Commerce versions 2.4.3-p1 (and earlier) and 2.3.7-p2 (and earlier) are susceptible to post-authentication arbitrary code execution due to an improper input validation vulnerability.Product: Adobe CommerceCVSS Score: 9.1NVD: https://nvd.nist.gov/vuln/detail/CVE-2022-24093NVD References: https://helpx.adobe.com/security/products/magento/apsb22-13.htmlCVE-2023-2071 - Rockwell Automation FactoryTalk View Machine Edition on the PanelView Plus allows an unauthenticated attacker to achieve remote code execution by uploading a self-made library and bypassing the security check.Product: Rockwell Automation FactoryTalk View Machine Edition on the PanelView PlusCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-2071NVD References: https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1140724CVE-2023-29332 - Microsoft Azure Kubernetes Service Elevation of Privilege VulnerabilityProduct: Microsoft Azure Kubernetes ServiceCVSS Score: 7.5NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-29332ISC Diary: https://isc.sans.edu/diary/30214MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29332CVE-2023-33136 - Azure DevOps Server Remote Code Execution VulnerabilityProduct: Azure DevOps ServerCVSS Score: 8.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-33136ISC Diary: https://isc.sans.edu/diary/30214MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33136CVE-2023-35355 - Windows Cloud Files Mini Filter Driver Elevation of Privilege VulnerabilityProduct: Microsoft Windows Cloud Files Mini Filter DriverCVSS Score: 7.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-35355ISC Diary: https://isc.sans.edu/diary/30214MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35355CVE-2023-36742 - Visual Studio Code Remote Code Execution VulnerabilityProduct: Microsoft Visual Studio CodeCVSS Score: 7.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-36742ISC Diary: https://isc.sans.edu/diary/30214MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36742CVE-2023-36744, CVE-2023-36745, CVE-2023-36756 - Microsoft Exchange Server Remote Code Execution VulnerabilitiesProduct: Microsoft Exchange ServerCVSS Score: 8.0NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-36744NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-36745NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-36756ISC Diary: https://isc.sans.edu/diary/30214MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36744MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36745MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36756CVE-2023-36757 - Microsoft Exchange Server Spoofing VulnerabilityProduct: Microsoft Exchange ServerCVSS Score: 8.0NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-36757ISC Diary: https://isc.sans.edu/diary/30214MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36757CVE-2023-36758 - Visual Studio Elevation of Privilege VulnerabilityProduct: Microsoft Visual StudioCVSS Score: 7.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-36758ISC Diary: https://isc.sans.edu/diary/30214MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36758CVE-2023…
CVE-2023-40309 - SAP CommonCryptoLib lacks authentication checks, enabling an authenticated user to exploit restricted functionality and access, modify, or erase restricted data.
CVE-2023-40622 - SAP BusinessObjects Business Intelligence Platform (Promotion Management) versions 420, 430 allow authenticated attackers to view restricted sensitive information, compromising the application's confidentiality, integrity, and availability.
CVE-2022-24093 - Adobe Commerce versions 2.4.3-p1 (and earlier) and 2.3.7-p2 (and earlier) are susceptible to post-authentication arbitrary code execution due to an improper input validation vulnerability.
CVE-2023-2071 - Rockwell Automation FactoryTalk View Machine Edition on the PanelView Plus allows an unauthenticated attacker to achieve remote code execution by uploading a self-made library and bypassing the security check.
CVE-2023-29332 - Microsoft Azure Kubernetes Service Elevation of Privilege Vulnerability
CVE-2023-33136 - Azure DevOps Server Remote Code Execution Vulnerability
CVE-2023-35355 - Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
CVE-2023-36742 - Visual Studio Code Remote Code Execution Vulnerability
CVE-2023-36744, CVE-2023-36745, CVE-2023-36756 - Microsoft Exchange Server Remote Code Execution Vulnerabilities
CVE-2023-36757 - Microsoft Exchange Server Spoofing Vulnerability
CVE-2023-36758 - Visual Studio Elevation of Privilege Vulnerability
CVE-2023-36762 - Microsoft Word Remote Code Execution Vulnerability
CVE-2023-36763 - Microsoft Outlook Information Disclosure Vulnerability
CVE-2023-36764 - Microsoft SharePoint Server Elevation of Privilege Vulnerability
CVE-2023-36765 - Microsoft Office Elevation of Privilege Vulnerability
CVE-2023-36766 - Microsoft Excel Information Disclosure Vulnerability
CVE-2023-36739, CVE-2023-36740, CVE-2023-36760 - 3D Viewer Remote Code Execution Vulnerabilities
CVE-2023-36770, CVE-2023-36771, CVE-2023-36772, CVE-2023-36773 - 3D Builder Remote Code Execution Vulnerabilities
CVE-2023-36788 - .NET Framework Remote Code Execution Vulnerability
CVE-2023-36792, CVE-2023-36794, CVE-2023-36796 - Visual Studio Remote Code Execution Vulnerabilities
CVE-2023-36800 - Dynamics Finance and Operations Cross-site Scripting Vulnerability
CVE-2023-36804, CVE-2023-38161 - Windows GDI Elevation of Privilege Vulnerabilities
CVE-2023-36805 - Windows MSHTML Platform Security Feature Bypass Vulnerability
CVE-2023-36886 - Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability
CVE-2023-38139, CVE-2023-38141, CVE-2023-38142 - Windows Kernel Elevation of Privilege Vulnerabilities
CVE-2023-38143, CVE-2023-38144 - Windows Common Log File System Driver Elevation of Privilege Vulnerabilities
CVE-2023-38146 - Windows Themes Remote Code Execution Vulnerability
CVE-2023-38147 - Windows Miracast Wireless Display Remote Code Execution Vulnerability
CVE-2023-38149 - Windows TCP/IP Denial of Service Vulnerability
CVE-2023-38150 - Windows Kernel Elevation of Privilege Vulnerability
CVE-2023-38155 - Azure DevOps Server Remote Code Execution Vulnerability
CVE-2023-38156 - Azure HDInsight Apache Ambari Elevation of Privilege Vulnerability
CVE-2023-38162 - DHCP Server Service Denial of Service Vulnerability
CVE-2023-38163 - Windows Defender Attack Surface Reduction Security Feature Bypass
CVE-2023-38164 - Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability
CVE-2023-4501 - OpenText (Micro Focus) Visual COBOL, COBOL Server, Enterprise Developer, and Enterprise Server versions 7.0 patch updates 19-20, 8.0 patch updates 8-9, and 9.0 patch update 1 are vulnerable to user authentication bypass via LDAP-based authentication, allowing any valid username to be used regardless of the password entered, potentially enabling impersonation by an attacker.
CVE-2023-3710 - Honeywell PM43 on 32 bit, ARM (Printer web page modules) is vulnerable to Command Injection due to improper input validation.
CVE-2023-41331 - SOFARPC, a Java RPC framework, is vulnerable to remote command execution in versions prior to 5.11.0, allowing for JNDI injection or system command execution through crafted payloads.
CVE-2022-41303 - AutoDesk:
Sponsors
Snyk
*********** Sponsored By SNYK Limited ***********Discussions around AI is much more than just LLMs, such as ChatGPT and Bard. Check out Snyk's latest white paper Understanding AI Models to Future-Proof Your AppSec to better understand AI models including: Narrow, Logical, Generative, LLMs, and Hybrid. | Download Today:
Palo Alto Networks
Take the SANS Future of Network Security Technology Survey today to help us better understand spending habits, priorities, and decision-making processes when it comes to security technology. Share your thoughts with us for a chance to win a $250 Amazon gift card! | Take the Survey:
SANS
The results are in! Discover the key takeaways from this year’s ICS/OT Survey. Join instructor Jason Christopher and invited speakers for this webcast event to receive first access to the accompanying white paper. | Register now:
Cloudflare
Upcoming Webcast on Tue, September 19 | How Cloudflare Helps Financial Institutions Improve Visibility Into a Complex Threat Landscape - Q2 Case Study | Register now: