SEC595: Applied Data Science and AI/Machine Learning for Cybersecurity Professionals
SEC595Cyber Defense
SANS Community Benefits
Connect, learn, and share with other cybersecurity professionals
VOLUME 23ISSUE 39
The Consensus Security Vulnerability Alert
Internet Storm Center Spotlight
ISC provides a free analysis and warning service to thousands of Internet users and organizations, and is actively working with Internet Service Providers to fight back against the most malicious attackers. https://isc.sans.edu/about.html
Are Local LLMs Useful in Incident Response?
Published: 2023-10-03
Last Updated: 2023-10-03 02:38:16 UTC
by Tom Webb (Version: 1)
LLMs have become very popular recently. I've been running them on my home PC for the past few months in basic scenarios to help out. I like the idea of using them to help with forensics and Incident response, but I also want to avoid sending the data to the public LLMs, so running them locally or in a private cloud is a good option.
I use a 3080 GPU with 10GB of VRAM, which seems best for running the 13 Billion model. The three models I'm using for this test are Llama-2-13B-chat-GPTQ , vicuna-13b-v1.3.0-GPTQ, and Starcoderplus-Guanaco-GPT4-15B-V1.0-GPTQ. I've downloaded this model from huggingface.co/ if you want to play along at home.
Llama2 is the latest Facebook general model. Vicuna is a "Fine Tuned" Llama one model that is supposed to be more efficient and use less RAM. StarCoder is trained on 80+ coding languages and might do better on more technical explanations.
There are a bunch of tutorials to get these up and running, but I'm using oobabooga_windows to get all of this quickly. The best solution if you are going to play with many of these is running docker w/ Nvidia pass-through support.
When thinking about how to use this, the first thing that comes to mind is supplementing knowledge for responders. The second is speeding up technical tasks, and the third is speeding up report writing. These are the three use cases we are going to test.
Read the full entry:
https://isc.sans.edu/diary/Are+Local+LLMs+Useful+in+Incident+Response/30274/
Simple Netcat Backdoor in Python Script
Published: 2023-09-30
Last Updated: 2023-09-30 07:03:16 UTC
by Xavier Mertens (Version: 1)
Why reinvent the wheel? We are all lazy and, if we have a tool that offers some interesting capabilities, why not use it? I spotted a simple malicious Python script targeting Windows hosts. The file is flagged by 16 antivirus products on VirusTotal. Nothing very exciting with the script, it's a bot that uses a Discord channel for C2 communications.
Looking at the capabilities, I found an interesting function that downloads a copy of netcap (from the official website), unzip it and starts a Ncat listener...
Read the full entry:
https://isc.sans.edu/diary/Simple+Netcat+Backdoor+in+Python+Script/30264/
Are You Still Storing Passwords In Plain Text Files?
Published: 2023-09-29
Last Updated: 2023-09-29 07:35:31 UTC
by Xavier Mertens (Version: 1)
"Infostealer" malware have been in the wild for a long time now. Once the computer's victim is infected, the goal is to steal "juicy" information like passwords, cookies, screenshots, keystrokes, and more. Yesterday, I spotted an interesting sample. It's delivered through an FTP connection. The file is unknown on VirusTotal...
The malware behavior is pretty simple: It scans the complete drive for interesting files. Here is an example: "*pass*.txt":
Read the full entry:
https://isc.sans.edu/diary/Are+You+Still+Storing+Passwords+In+Plain+Text+Files/30262/
Internet Storm Center Entries
Friendly Reminder: ZIP Metadata is Not Encrypted (2023.10.02)
https://isc.sans.edu/diary/Friendly+Reminder+ZIP+Metadata+is+Not+Encrypted/30268/
Analyzing MIME Files: a Quick Tip (2023.10.01)
https://isc.sans.edu/diary/Analyzing+MIME+Files+a+Quick+Tip/30266/
IPv4 Addresses in Little Endian Decimal Format (2023.09.28)
https://isc.sans.edu/diary/IPv4+Addresses+in+Little+Endian+Decimal+Format/30256/
Recent CVEs
The list is assembled by pulling recent vulnerabilities from NIST NVD, Microsoft, Twitter mentions of vulnerabilities, ISC Diaries and Podcast, and the CISA list of known exploited vulnerabilities. There are also some unscored, but significant, vulnerabilities at the end. This includes vulnerabilities that have not been added to the NVD yet.
CVE-2021-44228 - Apache Log4j2 Remote Code Execution Vulnerability
CVE-2023-5217 - Chromium:
CVE-2023-4863 - Chromium:
CVE-2021-38243 - xunruicms <=4.5.1 is vulnerable to Remote Code Execution.
CVE-2023-35071 - MRV Tech Logging Administration Panel before 20230915 is vulnerable to SQL Injection.
CVE-2023-38586 - macOS Sonoma 14 allows sandboxed processes to bypass restrictions, leading to an access vulnerability.
CVE-2023-39347 - Cilium allows an attacker with Kubernetes API Server access to apply incorrect network policies by updating pod labels.
CVE-2023-39375 - SiberianCMS - CWE-274: Improper Handling of Insufficient Privileges
CVE-2023-3767 - EasyPHP Webserver version 14.1 is vulnerable to OS command injection, enabling an attacker to gain system access through a crafted exploit sent to the /index.php?zone=settings parameter.
CVE-2023-40044 - WS_FTP Server versions prior to 8.7.4 and 8.8.2 allow pre-authenticated attackers to execute remote commands via a .NET deserialization vulnerability in the Ad Hoc Transfer module.
Product: Progress WS_FTP Server CVSS Score: 8.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-40044ISC Podcast: https://isc.sans.edu/podcastdetail.html?podcastid=8682NVD References: - https://attackerkb.com/topics/bn32f9sNax/cve-2023-40044- https://censys.com/cve-2023-40044/- https://community.progress.com/s/article/WS-FTP-Server-Critical-Vulnerability-September-2023- https://www.assetnote.io/resources/research/rce-in-progress-ws-ftp-ad-hoc-via-iis-http-modules-cve-2023-40044- https://www.progress.com/ws_ftp- https://www.rapid7.com/blog/post/2023/09/29/etr-critical-vulnerabilities-in-ws_ftp-server/- https://www.theregister.com/2023/10/02/ws_ftp_update/CVE-2023-42657 - WS_FTP Server versions prior to 8.7.4 and 8.8.2 allow attackers to perform unauthorized file operations and escape the server's file structure to manipulate files and folders on the underlying operating system.Product: Progress WS_FTP ServerCVSS Score: 9.6NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-42657NVD References: - https://community.progress.com/s/article/WS-FTP-Server-Critical-Vulnerability-September-2023- https://www.progress.com/ws_ftpCVE-2023-40400 - tvOS 17, iOS 17, iPadOS 17, watchOS 10, and macOS Sonoma 14 allow remote attackers to terminate apps or execute arbitrary code.Product: Apple iPadOSCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-40400NVD References: - http://seclists.org/fulldisclosure/2023/Oct/10- https://support.apple.com/en-us/HT213936- https://support.apple.com/en-us/HT213937- https://support.apple.com/en-us/HT213938- https://support.apple.com/en-us/HT213940CVE-2023-40436 - macOS Sonoma 14 is vulnerable to unexpected system termination or unauthorized kernel memory reading due to inadequate bounds checks, which have now been improved.Product: Apple macOSCVSS Score: 9.1NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-40436NVD References: - http://seclists.org/fulldisclosure/2023/Oct/3- https://support.apple.com/en-us/HT213940CVE-2023-40455 - macOS Sonoma 14 allows a sandboxed process to bypass sandbox restrictions due to a permissions issue fix.Product: Apple macOSCVSS Score: 10.0NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-40455NVD References: - http://seclists.org/fulldisclosure/2023/Oct/3- https://support.apple.com/en-us/HT213940CVE-2023-41320 - GLPI is vulnerable to SQL injection in the UI layout preferences management, allowing attackers to hijack an administrator account; upgrade to version 10.0.10 is recommended with no known workarounds.Product: GLPI-Project CVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-41320NVD References: https://github.com/glpi-project/glpi/security/advisories/GHSA-mv2r-gpw3-g476CVE-2023-42461 - GLPI is vulnerable to a SQL injection in the ITIL actors input field of the Ticket form, with no known workarounds available, and users should upgrade to version 10.0.10.Product: GLPI-Project CVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-42461NVD References: https://github.com/glpi-project/glpi/security/advisories/GHSA-x3jp-69f2-p84wCVE-2023-42462 - GLPI is vulnerable to a document upload process flaw, allowing attackers to delete files, with no known workarounds available.Product: GLPI-Project CVSS Score: 9.1NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-42462NVD References: https://github.com/glpi-project/glpi/security/advisories/GHSA-hm76-jh96-7j75CVE-2023-41878 - MeterSphere version 2.10.7 LTS has a vulnerability where attackers can exploit the weak default password in the Selenium VNC configuration to gain unauthorized access with high permissions, and upgrading to the latest version is the recommended solution.Product: MeterSphere CVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-41878NVD References: - https://github.com/metersphere/installer/commit/02dd31c0951a225eaad99eda560e3eb91ba3001d- https://github.com/metersphere/metersphere/security/advisories/GHSA-88vv-6rm4-59h9CVE-2023-43154 - Macrob7 Macs Framework Content Management System (CMS) 1.1.4f allows authentication bypass and administrator account takeover due to a PHP type confusion vulnerability in the "isValidLogin()" function.Product: Macs CMS Project CVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-43154NVD References: - https://cxsecurity.com/issue/WLB-2023090075- https://github.com/ally-petitt/macs-cms-auth-bypassCVE-2023-43187 - NodeBB Inc NodeBB forum software prior to v1.18.6 is vulnerable to remote code execution (RCE) via crafted XML-RPC requests, enabling arbitrary code execution.Product: NodeBB CVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-43187NVD References: https://github.com/jagat-singh-chaudhary/CVE/blob/main/CVE-2023-43187CVE-2023-43216 - SeaCMS V12.9 was discovered to contain an arbitrary file write vulnerability via the component admin_ip.php.Product: SeaCMS v.12.9CVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-43216NVD References: https://github.com/H3ppo/vulnerabilities/blob/main/SeaCMS%20V12.9%20Arbitrary%20fil…
CVE-2023-42657 - WS_FTP Server versions prior to 8.7.4 and 8.8.2 allow attackers to perform unauthorized file operations and escape the server's file structure to manipulate files and folders on the underlying operating system.
CVE-2023-40400 - tvOS 17, iOS 17, iPadOS 17, watchOS 10, and macOS Sonoma 14 allow remote attackers to terminate apps or execute arbitrary code.
CVE-2023-40436 - macOS Sonoma 14 is vulnerable to unexpected system termination or unauthorized kernel memory reading due to inadequate bounds checks, which have now been improved.
CVE-2023-40455 - macOS Sonoma 14 allows a sandboxed process to bypass sandbox restrictions due to a permissions issue fix.
CVE-2023-41320 - GLPI is vulnerable to SQL injection in the UI layout preferences management, allowing attackers to hijack an administrator account; upgrade to version 10.0.10 is recommended with no known workarounds.
CVE-2023-42461 - GLPI is vulnerable to a SQL injection in the ITIL actors input field of the Ticket form, with no known workarounds available, and users should upgrade to version 10.0.10.
CVE-2023-42462 - GLPI is vulnerable to a document upload process flaw, allowing attackers to delete files, with no known workarounds available.
CVE-2023-41878 - MeterSphere version 2.10.7 LTS has a vulnerability where attackers can exploit the weak default password in the Selenium VNC configuration to gain unauthorized access with high permissions, and upgrading to the latest version is the recommended solution.
CVE-2023-43154 - Macrob7 Macs Framework Content Management System (CMS) 1.1.4f allows authentication bypass and administrator account takeover due to a PHP type confusion vulnerability in the "isValidLogin()" function.
CVE-2023-43187 - NodeBB Inc NodeBB forum software prior to v1.18.6 is vulnerable to remote code execution (RCE) via crafted XML-RPC requests, enabling arbitrary code execution.
CVE-2023-43216 - SeaCMS V12.9 was discovered to contain an arbitrary file write vulnerability via the component admin_ip.php.
CVE-2023-43222 - SeaCMS v12.8 has an arbitrary code writing vulnerability in the /jxz7g2/admin_ping.php file.
CVE-2023-43234 - DedeBIZ v6.2.11 was discovered to contain multiple remote code execution (RCE) vulnerabilities at /admin/file_manage_control.php via the $activepath and $filename parameters.
CVE-2023-43291 - Emlog Pro v.2.1.15 and earlier allow remote code execution due to a vulnerability in the deserialization of untrusted data in the cache.php component.
CVE-2023-44013 - Tenda AC10U v1.0 US_AC10UV1.0RTL_V15.03.06.49_multi_TDE01 was discovered to contain a stack overflow via the list parameter in the fromSetIpMacBind function.
CVE-2023-44014 - Tenda AC10U v1.0 US_AC10UV1.0RTL_V15.03.06.49_multi_TDE01 is vulnerable to multiple stack overflows in the formSetMacFilterCfg function through the macFilterType and deviceList parameters.
CVE-2023-44015 - Tenda AC10U v1.0 US_AC10UV1.0RTL_V15.03.06.49_multi_TDE01 was discovered to contain a stack overflow via the schedEndTime parameter in the setSchedWifi function.
CVE-2023-44016 - Tenda AC10U v1.0 US_AC10UV1.0RTL_V15.03.06.49_multi_TDE01 was discovered to contain a stack overflow via the deviceId parameter in the addWifiMacFilter function.
CVE-2023-44017 - Tenda AC10U v1.0 US_AC10UV1.0RTL_V15.03.06.49_multi_TDE01 was discovered to contain a stack overflow via the timeZone parameter in the fromSetSysTime function.
CVE-2023-44018 - Tenda AC10U v1.0 US_AC10UV1.0RTL_V15.03.06.49_multi_TDE01 was discovered to contain a stack overflow via the domain parameter in the add_white_node function.
CVE-2023-44019 - Tenda AC10U v1.0 US_AC10UV1.0RTL_V15.03.06.49_multi_TDE01 was discovered to contain a stack overflow via the mac parameter in the GetParentControlInfo function.
CVE-2023-44020 - Tenda AC10U v1.0 US_AC10UV1.0RTL_V15.03.06.49_multi_TDE01 was discovered to contain a stack overflow via the security parameter in the formWifiBasicSet function.
CVE-2023-44021 - Tenda AC10U v1.0 US_AC10UV1.0RTL_V15.03.06.49_multi_TDE01 was discovered to contain a stack overflow via the formSetClientState function.
CVE-2023-44022 - Tenda AC10U v1.0 US_AC10UV1.0RTL_V15.03.06.49_multi_TDE01 was discovered to contain a stack overflow via the speed_dir parameter in the formSetSpeedWan function.
CVE-2023-44023 - Tenda AC10U v1.0 US_AC10UV1.0RTL_V15.03.06.49_multi_TDE01 was discovered to contain a stack overflow via the ssid parameter in the form_fast_setting_wifi_set function.
CVE-2023-44152 - Acronis Cyber Protect 15 (Linux, macOS, Windows) before build 35979 allows for the sensitive information disclosure and manipulation due to improper authentication.
CVE-2023-44154 - Acronis Cyber Protect 15 (Linux, Windows) before build 35979 allows sensitive information disclosure and manipulation due to improper authorization.
CVE-2023-44169 - SeaCMS V12.9 was discovered to contain an arbitrary file write vulnerability via the component admin_notify.php.
CVE-2023-44170 - SeaCMS V12.9 was discovered to contain an arbitrary file write vulnerability via the component admin_ping.php.
CVE-2023-44171 - SeaCMS V12.9 was discovered to contain an arbitrary file write vulnerability via the component admin_smtp.php.
CVE-2023-44172 - SeaCMS V12.9 was discovered to contain an arbitrary file write vulnerability via the component admin_weixin.php.
CVE-2023-44206 - Acronis Cyber Protect 15 (Linux, Windows) before build 35979 allows sensitive information disclosure and manipulation due to improper authorization.
CVE-2023-4260 - Potential off-by-one buffer overflow vulnerability in the Zephyr fuse file system.
CVE-2023-4262 - Possible buffer overflow in Zephyr mgmt subsystem when asserts are disabled
CVE-2023-4264 - Potential buffer overflow vulnerabilities n the Zephyr Bluetooth subsystem.
CVE-2023-4737 - Hedef Tracking Admin Panel before 1.2 is vulnerable to SQL Injection allowing improper neutralization of special elements in an SQL command.
CVE-2023-5168 - Firefox, Firefox ESR, and Thunderbird are vulnerable to an out-of-bounds write exploit due to compromised content process in `FilterNodeD2D1`, leading to a potentially exploitable crash in a privileged process.
CVE-2023-5172 - Firefox < 118 is vulnerable to a use-after-free crash caused by a mutated hashtable in the Ion Engine.
CVE-2023-5174 - Firefox on Windows in non-standard configurations may experience a use-after-free vulnerability due to a handle duplication failure during process creation, potentially leading to an exploitable crash.
CVE-2023-5175 - Firefox < 118 is vulnerable to a potential crash exploit due to the creation of an `ImageBitmap` during process shutdown that is later used after being freed from a different codepath.
CVE-2023-5176 - Firefox versions 117 and ESR 115.2, as well as Thunderbird 115.2, have memory safety bugs that could lead to memory corruption and potential arbitrary code execution, affecting Firefox < 118, Firefox ESR < 115.3, and Thunderbird < 115.3.
CVE-2023-5223 - HimitZH HOJ up to 4.6-9a65e3f is susceptible to a critical vulnerability in its Topic Handler component, allowing for remote attacks and sandbox bypass.
CVE-2023-20252 - Cisco Catalyst SD-WAN Manager Software is vulnerable to unauthorized access through improper authentication checks in SAML APIs, enabling an attacker to exploit the vulnerability and gain access to the application.
CVE-2023-43652 - JumpServer allows unauthenticated users to authenticate to the core API using a username and SSH public key, bypassing the need for a password or SSH private key, potentially enabling unauthorized access to user information and actions.
CVE-2023-42818 - JumpServer does not verify the corresponding SSH private key, allowing for brute-force authentication using a disclosed public key.
CVE-2023-43651 - JumpServer allows an authenticated user to exploit a vulnerability in MongoDB sessions, leading to remote code execution and potential system root privileges, through the WEB CLI interface provided by the koko component, which can be mitigated by upgrading to versions 2.28.20 and 3.7.1 with no known workarounds.
CVE-2023-43192 - JFinalcms background is vulnerable to SQL injection, allowing attackers to execute arbitrary SQL statements by submitting parameters with unfiltered special characters.
CVE-2023-44080 - PGYER codefever v.2023.8.14-2ce4006 allows a remote attacker to execute arbitrary code via a crafted request to the branchList component.
CVE-2023-41449 - The phpkobo AjaxNewsTicker v.1.0.5 is vulnerable to remote code execution due to a crafted payload in the reque parameter.
CVE-2023-38870 - Gugoan Economizzer commit 3730880 (April 2023) and v.0.9-beta1 is vulnerable to SQL Injection in the 'category_id' parameter of the cash book's feature to list accomplishments by category.
Product: Economizzer CVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-38870NVD References: - https://github.com/dub-flow/vulnerability-research/tree/main/CVE-2023-38870- https://github.com/gugoan/economizzer- https://www.economizzer.orgCVE-2023-44273 - Consensys gnark-crypto through 0.11.2 allows Signature Malleability due to improper deserialization of EdDSA and ECDSA signatures.Product: Consensys Gnark-CryptoCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-44273NVD References: - https://github.com/Consensys/gnark-crypto/pull/449- https://github.com/Consensys/gnark-crypto/releases- https://verichains.ioCVE-2023-43869 - D-Link DIR-619L B1 2.02 is vulnerable to Buffer Overflow via formSetWAN_Wizard56 function.Product: D-Link DIR-619LCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-43869NVD References: - https://github.com/YTrick/vuln/blob/main/DIR-619L%20Buffer%20Overflow_1.md- https://www.dlink.com/en/security-bulletin/CVE-2022-47186 - Generex CS141 below 2.06 version allows unrestricted upload and deletion of files in the "upload" directory without authentication.Product: Generex CS141CVSS Score: 9.1NVD: https://nvd.nist.gov/vuln/detail/CVE-2022-47186NVD References: - https://www.generex.de/support/changelogs/cs141/page:2- https://www.incibe-cert.es/en/early-warning/ics-advisories/update-03032023-multiple-vulnerabilities-generex-ups-cs141CVE-2023-30415 - Sourcecodester Packers and Movers Management System v1.0 contains a SQL injection vulnerability in the id parameter of /inquiries/view_inquiry.php.Product: Oretnom23 Packers And Movers Management SystemCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-30415NVD References: - http://packetstormsecurity.com/files/174758/Packers-And-Movers-Management-System-1.0-SQL-Injection.html- https://robsware.github.io/2023/09/01/firstcveCVE-2023-43013 - Asset Management System v1.0 allows an unauthorized attacker to bypass login controls, perform SQL Injection, and dump the entire database by exploiting the 'email' parameter on the index.php page.Product: Projectworlds Asset Management SystemCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-43013NVD References: - https://fluidattacks.com/advisories/nergal- https://projectworlds.in/CVE-2023-5004, CVE-2023-5053 - Hospital management system version 378c157 allows to bypass authentication. This is possible because the application is vulnerable to SQLI.Product: Projectworlds Hospital Management System In PHPCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-5004NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-5053NVD References: - https://fluidattacks.com/advisories/alcocer- https://fluidattacks.com/advisories/shierro- https://github.com/projectworldsofficial/hospital-management-system-in-php/CVE-2023-43739 - The 'bookisbn' parameter in cart.php of the vulnerable product lacks character validation, allowing unfiltered input to be sent to the database.Product: Online Book Store Project Project CVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-43739NVD References: - https://fluidattacks.com/advisories/filth- https://projectworlds.in/CVE-2023-44163 - Process_search.php in the vulnerable product does not validate the characters received in the 'search' parameter, which are sent unfiltered to the database.Product: Projectworlds Online Movie Ticket Booking SystemCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-44163NVD References: - https://fluidattacks.com/advisories/starr- https://projectworlds.in/CVE-2023-44164 - The 'Email' parameter of process_login.php in a vulnerable product allows unvalidated characters to be sent directly to the database.Product: Projectworlds Online Movie Ticket Booking SystemCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-44164NVD References: - https://fluidattacks.com/advisories/starr- https://projectworlds.in/CVE-2023-44165 - Process_login.php resource of the web application fails to validate the characters in the 'Password' parameter before sending them to the database.Product: Projectworlds Online Movie Ticket Booking SystemCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-44165NVD References: - https://fluidattacks.com/advisories/starr- https://projectworlds.in/CVE-2023-44166 - The process_registration.php resource in the vulnerable product is prone to an unfiltered and unvalidated 'age' parameter, allowing for potential database injection attacks.Product: Projectworlds Online Movie Ticket Booking SystemCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-44166NVD References: - https://fluidattacks.com/advisories/starr- https://projectworlds.in/CVE-2023-44167 - Process_registration.php in the vulnerable product does not validate the characters received for the 'name' parameter and sends them unfiltered to the database.Product: Projectworlds Online Movie Ticket Booking SystemCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-44167NVD References: - https://flui…
CVE-2023-44273 - Consensys gnark-crypto through 0.11.2 allows Signature Malleability due to improper deserialization of EdDSA and ECDSA signatures.
CVE-2023-43869 - D-Link DIR-619L B1 2.02 is vulnerable to Buffer Overflow via formSetWAN_Wizard56 function.
CVE-2022-47186 - Generex CS141 below 2.06 version allows unrestricted upload and deletion of files in the "upload" directory without authentication.
CVE-2023-30415 - Sourcecodester Packers and Movers Management System v1.0 contains a SQL injection vulnerability in the id parameter of /inquiries/view_inquiry.php.
CVE-2023-43013 - Asset Management System v1.0 allows an unauthorized attacker to bypass login controls, perform SQL Injection, and dump the entire database by exploiting the 'email' parameter on the index.php page.
CVE-2023-5004, CVE-2023-5053 - Hospital management system version 378c157 allows to bypass authentication. This is possible because the application is vulnerable to SQLI.
CVE-2023-43739 - The 'bookisbn' parameter in cart.php of the vulnerable product lacks character validation, allowing unfiltered input to be sent to the database.
CVE-2023-44163 - Process_search.php in the vulnerable product does not validate the characters received in the 'search' parameter, which are sent unfiltered to the database.
CVE-2023-44164 - The 'Email' parameter of process_login.php in a vulnerable product allows unvalidated characters to be sent directly to the database.
CVE-2023-44165 - Process_login.php resource of the web application fails to validate the characters in the 'Password' parameter before sending them to the database.
CVE-2023-44166 - The process_registration.php resource in the vulnerable product is prone to an unfiltered and unvalidated 'age' parameter, allowing for potential database injection attacks.
CVE-2023-44167 - Process_registration.php in the vulnerable product does not validate the characters received for the 'name' parameter and sends them unfiltered to the database.
CVE-2023-44168 - The 'phone' parameter of the process_registration.php resource in the vulnerable product allows unvalidated characters to be sent to the database.
CVE-2023-43654 - TorchServe allows third parties to invoke remote HTTP download requests and write files to the disk due to a lack of input validation in its default configuration, posing a risk of system compromise and data breach (versions 0.1.0 to 0.8.1).
CVE-2023-5260 - SourceCodester Simple Membership System 1.0 is vulnerable to remote SQL injection via the argument club_id in file group_validator.php (CVE-2021-XYZ).
CVE-2023-5261 - Tongda OA 2017 is vulnerable to SQL injection due to an unknown function in the file general/hr/manage/staff_title_evaluation/delete.php, allowing for the manipulation of the EVALUATION_ID argument, and upgrading to version 11.10 is recommended to fix this issue (VDB-240870).
CVE-2023-5288 - SIM1012 allows remote unauthorized attackers to connect to the device, change configuration settings, reset the SIM, and potentially upload new firmware.
CVE-2023-43909 - Hospital Management System thru commit 4770d was discovered to contain a SQL injection vulnerability via the app_contact parameter in appsearch.php.
CVE-2023-5265 - Tongda OA 2017 is a vulnerable product due to a critical sql injection vulnerability in the file general/hr/manage/staff_transfer/delete.php (
CVE-2023-5267 - Tongda OA 2017 is vulnerable to SQL injection in general/hr/recruit/hr_pool/delete.php via manipulation of the EXPERT_ID argument, allowing for public exploitation, which can be prevented by upgrading to version 11.10 (VDB-240880).
CVE-2023-26218 - The Web Client component of TIBCO Nimbus has easily exploitable XSS vulnerabilities that allow a low privileged attacker to execute scripts targeting the affected system or the victim's local system by social engineering a legitimate user with network access, requiring human interaction.
CVE-2023-5276 - SourceCodester Engineers Online Portal 1.0 allows remote attackers to conduct SQL injection via the id parameter in downloadable_student.php, resulting in a critical vulnerability (VDB-240904).
CVE-2023-5277 - SourceCodester Engineers Online Portal 1.0 is vulnerable to unrestricted upload due to a critical issue in processing the file student_avatar.php, allowing remote attackers to initiate the attack.
CVE-2023-5278 - SourceCodester Engineers Online Portal 1.0 is vulnerable to remote SQL injection due to improper handling of user credentials in the login.php file (CVE-2021-XXXXX).
CVE-2023-5279 - SourceCodester Engineers Online Portal 1.0 is vulnerable to SQL injection via manipulation of the argument teacher_class_student_id in my_classmates.php, allowing remote attackers to launch attacks; public exploit available (VDB-240907).
CVE-2023-5280 - SourceCodester Engineers Online Portal 1.0 is vulnerable to remote SQL injection in the my_students.php file (id parameter), allowing for potential exploitation of the disclosed vulnerability (VDB-240908).
CVE-2023-5281 - The vulnerability in SourceCodester Engineers Online Portal 1.0 allows remote attackers to initiate a critical SQL injection attack via manipulation of the id parameter in remove_inbox_message.php, as disclosed in the public VDB-240909.
CVE-2023-5282 - SourceCodester Engineers Online Portal 1.0 is vulnerable to remote SQL injection through the manipulation of the argument teacher_id in the file seed_message_student.php (VDB-240910).
CVE-2022-35908 - Cambium Enterprise Wi-Fi System Software before 6.4.2 does not sanitize the ping host argument in device-agent.
CVE-2023-5227 - Unrestricted Upload of File with Dangerous Type in GitHub repository thorsten/phpmyfaq prior to 3.1.8.
CVE-2023-5201 - The OpenHook plugin for WordPress up to version 4.3.0 allows authenticated subscribers or higher to execute code on the server via the 'php' shortcode if enabled.
CVE-2023-5300 - TTSPlanning up to 20230925 is vulnerable to remote SQL injection via the manipulation of the argument uid, with a critical severity level.
CVE-2023-4211 - A local non-privileged user can make improper GPU memory processing operations to gain access to already freed memory.
CVE-2023-20819 - CDMA PPP protocol in MOLY01068234 allows remote privilege escalation through out of bounds write without user interaction.
CVE-2023-3744 - SLims version 9.6.0 allows an authenticated attacker to perform server-side request forgery via the "scrape_image.php" file in the imageURL parameter, allowing them to send requests to internal services or upload file contents.
CVE-2023-4659 - The vulnerable product is susceptible to CSRF attacks that enable unauthorized actions to be performed by an attacker, including impersonating an administrator by altering the token value to "admin" and issuing GET, POST, and DELETE requests without a token, enabling the creation, deletion, and modification of users by an unprivileged remote user.
CVE-2023-24855 - Memory corruption in Modem while processing security related configuration before AS Security Exchange.
CVE-2023-28540 - Cryptographic issue in Data Modem due to improper authentication during TLS handshake.
CVE-2023-33028 - Memory corruption in WLAN Firmware while doing a memory copy of pmk cache.
CVE-2023-3656 - cashIT! - serving solutions is affected by an unauthenticated remote code execution vulnerability that can be triggered by an exposed HTTP endpoint.
CVE-2023-3654 - cashIT! - serving solutions, devices from "PoS/ Dienstleistung, Entwicklung & Vertrieb GmbH" to 03.A06rks 2023.02.37 are vulnerable to origin bypass via the host header in an HTTP request when exposed to the network.
CVE-2022-47893 - NetMan 204 is vulnerable to remote code execution, permitting remote attackers to upload a firmware file with a webshell and gain root access.
CVE-2023-32670 - BuddyBoss 2.2.9 version is vulnerable to Cross-Site Scripting (XSS) attacks through the "[name]=image.jpg" parameter, enabling a local attacker with basic privileges to execute malicious payloads.
CVE-2023-28229 - Microsoft Windows Cryptographic Next Generation (CNG) Key Isolation Service contains an unspecified vulnerability that allows an attacker to gain specific limited SYSTEM privileges.
Sponsors
Dragos
*********** Sponsored By Dragos, Inc. ***********EXCLUSIVE WEBINAR | Rockwell Automation & Dragos CEOs Tackle Manufacturing Cybersecurity Challenges Don’t miss this exclusive webinar on October 6 @ 10am CT / 11am ET as visionary leaders, Robert M. Lee, CEO of Dragos, and Blake Moret, Chairman & CEO of Rockwell Automation discuss manufacturing threat landscape insights and supply chain risks. Reshape the way you approach cybersecurity in manufacturing. Register now:
Sonrai Security
The FREE ACCESS Summit will dive into reducing cloud identity risk. Attend for free and learn from cloud pros like you >> Sign Up Now:
Snowflake
Asset and inventory control solutions are difficult to build and maintain. Join us on Oct 12 at 1:00pm ET for our upcoming webcast Enhance Security Investigations with ServiceNow Asset Data to learn how to leverage asset data for security enrichment. | Register now:
Zero Networks
Upcoming webcast on Oct 17 at 10:30am ET | Microsegmentation in a Click - Join Matt Bromiley and Nicholas DiCola to learn how to automate policy implementation in real time. | Register now: