Internet Storm Center Spotlight


ISC provides a free analysis and warning service to thousands of Internet users and organizations, and is actively working with Internet Service Providers to fight back against the most malicious attackers. https://isc.sans.edu/about.html

Malware Dropped Through a ZPAQ Archive

Published: 2023-11-01

Last Updated: 2023-11-01 06:33:33 UTC

by Xavier Mertens (Version: 1)

Did you ever see ZPAQ archives? This morning, my honeypot captured a phishing attempt which lured the potential victim into opening a "ZPAQ" archive. This is not a common file format, and it could be used by the attacker to bypass classic security controls. What Wikipedia says about ZPAQ:

ZPAQ is an open source command line archiver for Windows and Linux. It uses a journaling or append-only format which can be rolled back to an earlier state to retrieve older versions of files and directories. It supports fast incremental update by adding only files whose last-modified date has changed since the previous update. It compresses using deduplication and several algorithms (LZ77, BWT, and context mixing) depending on the data type and the selected compression level. To preserve forward and backward compatibility between versions as the compression algorithm is improved, it stores the decompression algorithm in the archive.

The file was called "Purchase Order pdf<dot>zpaq" (SHA256: 1c33eef0d22dc54bb2a41af485070612cd4579529e31b63be2141c4be9183eb6). Because the archive uses an "exotic" compression algorithm, the VT score is null! I tried the classic tools on a stock Windows operating system, including 7Zip, and none was able to decompress the archive. This is strange because it reduces the number of potential victims! On Windows, you can use PeaZip.

Read the full entry:

https://isc.sans.edu/diary/Malware+Dropped+Through+a+ZPAQ+Archive/30366/

Multiple Layers of Anti-Sandboxing Techniques

Published: 2023-10-31

Last Updated: 2023-10-31 14:51:53 UTC

by Xavier Mertens (Version: 1)

It has been a while since I found an interesting malicious Python script. All the scripts that I recently spotted were always the same: a classic infostealer using Discord as a C2 channel. Today I found one that contains a lot of anti-sandboxing techniques. Let's review them. For malware, it's key to detect the environment where it is executed. When detonated inside a sandbox (automatically or manually, by an analyst), it will be able to change its behaviour (most likely, do nothing).

Like all scripting languages running in the Windows ecosystem, Python can call any Microsoft API, and these calls are useful to perform checks at the operating system level. Here is what the scripts try to detect ...

Read the full entry:

https://isc.sans.edu/diary/Multiple+Layers+of+AntiSandboxing+Techniques/30362/

Flying under the Radar: The Privacy Impact of multicast DNS

Published: 2023-10-30

Last Updated: 2023-10-30 15:30:39 UTC

by Johannes Ullrich (Version: 1)

The recent patch to iOS/macOS for CVE-2023-42846 made me think it is probably time to write up a reminder about the privacy impact of UPNP and multicast DNS. This is not a new issue, but it appears to have been forgotten a bit [vuln]. In particular, Apple devices are well-known for their verbose multicast DNS messages.

What is multicast DNS?

Typically, we think of DNS as a client-server protocol where our clients will connect to preconfigured resolvers. In this scenario, it is possible to register hostnames dynamically. Still, the setup is complex and requires configuring the DNS server to allow for these registrations. For a home user, this is complex, but you would still like to have the option to refer to systems by hostname instead of by IP address.

Multicast DNS solves two issues: It allows hosts to register their name and any services they offer and allows hosts connected to the same local network to find services offered by hosts on the network. Multicast DNS uses port 5353 and the multicast group 224.0.0.251 (IPv4) or ff02::fb (IPv6). These are link-local addresses, and the traffic is not routable. The main security feature of Multicast DNS is that the messages only reach local hosts on a (believed to be) trusted local network. There is no authentication or encryption of the messages as this would require some cryptographic key infrastructure. The protocol is supposed to be "plug and play."

NetBIOS and LLMNR have played roles like this in Windows, but even Windows has been moving to mDNS. While mDNS was originally developed by Apple as "Bonjour", it has now been adopted by Windows and Linux. Another similar protocol is SSDP (Simple Service Discovery Protocol). SSDP is often used alongside mDNS. But SSDP never became an IETF standard, and no RFC describes it. Instead, the SSDP standard is now defined as part of Universal Plug and Play (UPNP) [upnp] ...
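To make the privacy point concrete, here is an added example (not code from the ISC diary) that decodes an mDNS announcement the way any passive neighbour on 224.0.0.251:5353 could: the service instance name, the hostname, the address and the TXT attributes are all readable because nothing is authenticated or encrypted. It uses only the Python standard library; the service name, hostname, model string and address 192.0.2.23 in the sample packet are constructed placeholders, not a captured device.

```python
# Passive mDNS observer: decode what a host announces to 224.0.0.251:5353.
# Added example, not from the ISC diary; the sample names, TXT values and
# address 192.0.2.23 below are constructed placeholders.
import socket
import struct
MDNS_GROUP, MDNS_PORT = "224.0.0.251", 5353
TYPE_NAMES = {1: "A", 12: "PTR", 16: "TXT", 33: "SRV"}

def encode_name(name):
    """DNS wire form of a dotted name (no compression)."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(lab)]) + lab.encode() for lab in labels) + b"\x00"

def build_response(records):
    """mDNS response (QR=1, AA=1) from (name, rtype, rdata) tuples."""
    pkt = struct.pack("!HHHHHH", 0, 0x8400, 0, len(records), 0, 0)
    for name, rtype, rdata in records:  # class 0x8001 = IN + mDNS cache-flush bit
        pkt += encode_name(name) + struct.pack("!HHIH", rtype, 0x8001, 4500, len(rdata)) + rdata
    return pkt

def read_name(pkt, off):
    """Decode a possibly compressed name; return (name, offset after it)."""
    labels, jumped, end = [], False, None
    for _ in range(128):  # bounded walk so a pointer loop cannot hang the parser
        length = pkt[off]
        if length == 0:
            off += 1
            break
        if length & 0xC0 == 0xC0:  # compression pointer to an earlier name
            end = end if jumped else off + 2
            jumped, off = True, struct.unpack("!H", pkt[off:off + 2])[0] & 0x3FFF
            continue
        labels.append(pkt[off + 1:off + 1 + length].decode("utf-8", "replace"))
        off += 1 + length
    return ".".join(labels), (end if jumped else off)

def decode_rdata(pkt, rtype, start, rdlen):
    data = pkt[start:start + rdlen]
    if rtype == 1 and rdlen == 4:
        return socket.inet_ntoa(data)
    if rtype == 12:  # PTR: target name may use compression, so decode from pkt
        return read_name(pkt, start)[0]
    if rtype == 33:  # SRV: priority, weight, port, then the target hostname
        return {"port": struct.unpack("!HHH", data[:6])[2], "target": read_name(pkt, start + 6)[0]}
    if rtype == 16:  # TXT: sequence of length-prefixed key=value strings
        items, i = [], 0
        while i < rdlen:
            items.append(data[i + 1:i + 1 + data[i]].decode("utf-8", "replace"))
            i += 1 + data[i]
        return items
    return data.hex()

def parse_mdns(pkt):
    """Return every answer/authority/additional record as (name, type, data)."""
    qd, an, ns, ar = struct.unpack("!HHHH", pkt[4:12])
    off, records = 12, []
    for _ in range(qd):  # skip questions: name, then 2-byte type and class
        off = read_name(pkt, off)[1] + 4
    for _ in range(an + ns + ar):
        name, off = read_name(pkt, off)
        rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", pkt[off:off + 10])
        off += 10
        records.append((name, TYPE_NAMES.get(rtype, str(rtype)), decode_rdata(pkt, rtype, off, rdlen)))
        off += rdlen
    return records

def leaked_facts(records):
    """What any peer on the link learns: hostnames, services, addresses, TXT attributes."""
    facts = {"hosts": set(), "services": set(), "addresses": set(), "txt": {}}
    for name, rtype, data in records:
        if rtype == "A":
            facts["hosts"].add(name)
            facts["addresses"].add(data)
        elif rtype == "PTR":
            facts["services"].add(data)
        elif rtype == "SRV":
            facts["hosts"].add(data["target"])
        elif rtype == "TXT":
            facts["txt"].update(kv.partition("=")[::2] for kv in data)
    return facts

def listen(timeout=10):
    """Join the mDNS group, receive one announcement and decode it; sends nothing."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    sock.bind(("", MDNS_PORT))
    sock.setsockopt(socket.IPPROTO_IP, socket.IP_ADD_MEMBERSHIP,
                    socket.inet_aton(MDNS_GROUP) + socket.inet_aton("0.0.0.0"))
    sock.settimeout(timeout)
    pkt, (src, _) = sock.recvfrom(9000)
    sock.close()
    return src, leaked_facts(parse_mdns(pkt))

# Constructed announcement in the style of a verbose media device (placeholder values).
SAMPLE = build_response([
    ("_airplay._tcp.local", 12, encode_name("Living Room TV._airplay._tcp.local")),
    ("Living Room TV._airplay._tcp.local", 33,
     struct.pack("!HHH", 0, 0, 7000) + encode_name("LivingRoom-TV.local")),
    ("Living Room TV._airplay._tcp.local", 16, b"\x10model=Example1,1\x0bsrcvers=1.0"),
    ("LivingRoom-TV.local", 1, socket.inet_aton("192.0.2.23")),
])
```

Running `leaked_facts(parse_mdns(SAMPLE))` shows the hostname, service, address and model attribute recovered from the bytes alone; `listen()` does the same against real traffic on the local link without transmitting anything.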

Read the full entry:

https://isc.sans.edu/diary/Flying+under+the+Radar+The+Privacy+Impact+of+multicast+DNS/30358/

Internet Storm Center Entries


Spam or Phishing? Looking for Credentials & Passwords (2023.10.29)

https://isc.sans.edu/diary/Spam+or+Phishing+Looking+for+Credentials+Passwords/30354/

Size Matters for Many Security Controls (2023.10.28)

https://isc.sans.edu/diary/Size+Matters+for+Many+Security+Controls/30352/

Adventures in Validating IPv4 Addresses (2023.10.26)

https://isc.sans.edu/diary/Adventures+in+Validating+IPv4+Addresses/30348/

Recent CVEs


The list is assembled by pulling recent vulnerabilities from NIST NVD, Microsoft, Twitter mentions of vulnerabilities, ISC Diaries and Podcast, and the CISA list of known exploited vulnerabilities. There are also some unscored, but significant, vulnerabilities at the end. This includes vulnerabilities that have not been added to the NVD yet.



CVE-2023-4966 - NetScaler ADC and NetScaler Gateway configured as a Gateway or AAA virtual server may reveal sensitive information.

Product: NetScaler ADC and NetScaler Gateway 

CVSS Score: 0

** KEV since 2023-10-18 **

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-4966

ISC Podcast: https://isc.sans.edu/podcastdetail.html?podcastid=8714




CVE-2023-36563 - Microsoft WordPad Information Disclosure Vulnerability

Product: Microsoft WordPad

CVSS Score: 6.5

** KEV since 2023-10-10 **

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-36563

ISC Podcast: https://isc.sans.edu/podcastdetail.html?podcastid=8724

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36563




CVE-2023-46747 - The BIG-IP system allows an attacker to execute arbitrary system commands by bypassing authentication through undisclosed requests.

Product: F5 BIG-IP

CVSS Score: 9.8

** KEV since 2023-10-31 **

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-46747

ISC Podcast: https://isc.sans.edu/podcastdetail.html?podcastid=8720

NVD References: https://my.f5.com/manage/s/article/K000137353




CVE-2023-46748 - The BIG-IP Configuration utility is vulnerable to authenticated SQL injection, enabling an attacker to execute arbitrary system commands if they have network access through the management port or self IP addresses.

Product: F5 BIG-IP 

CVSS Score: 8.8

** KEV since 2023-10-31 **

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-46748

NVD References: https://my.f5.com/manage/s/article/K000137365




CVE-2023-34048 - vCenter Server has an out-of-bounds write vulnerability in its DCERPC protocol implementation, allowing a remote attacker to potentially execute code.

Product: VMware vCenter Server

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-34048

ISC Podcast: https://isc.sans.edu/podcastdetail.html?podcastid=8718

NVD References: https://www.vmware.com/security/advisories/VMSA-2023-0023.html




CVE-2023-22515 - Confluence Data Center and Server instances allowed external attackers to create unauthorized administrator accounts and access Confluence instances.

Product: Atlassian Confluence

CVSS Score: 0

** KEV since 2023-10-05 **

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-22515

ISC Podcast: https://isc.sans.edu/podcastdetail.html?podcastid=8718




CVE-2023-22518 - Improper Authorization Vulnerability in Confluence Data Center and Server. Atlassian Cloud sites are not affected.

Product: Atlassian Confluence Data Center and Server

CVSS Score: 0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-22518

ISC Podcast: https://isc.sans.edu/podcastdetail.html?podcastid=8726

NVD References: 

- https://confluence.atlassian.com/pages/viewpage.action?pageId=1311473907

- https://jira.atlassian.com/browse/CONFSERVER-93142




CVE-2023-20273 - Cisco IOS XE Software is vulnerable to command injection due to insufficient input validation, allowing an authenticated remote attacker to inject commands with root privileges.

Product: Cisco IOS XE

CVSS Score: 7.2

** KEV since 2023-10-23 **

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-20273

NVD References: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-webui-privesc-j22SaA4z




CVE-2023-36745 - Microsoft Exchange Server Remote Code Execution Vulnerability

Product: Microsoft Exchange Server

CVSS Score: 0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-36745

ISC Podcast: https://isc.sans.edu/podcastdetail.html?podcastid=8716




CVE-2023-26568, CVE-2023-26569, CVE-2023-26572, CVE-2023-26573, CVE-2023-26581 through CVE-2023-26584, CVE-2023-27254, CVE-2023-27255, CVE-2023-27260, CVE-2023-27262 - IDAttend’s IDWeb application 3.1.052 and earlier has multiple unauthenticated SQL injection vulnerabilities.

Product: IDAttend IDWeb

CVSS Score: 9.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-26568

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-26569

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-26572

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-26573

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-26581

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-26582

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-26583

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-26584

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-27254

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-27255

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-27260

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-27262

NVD References: https://www.themissinglink.com.au/security-advisories/cve-2023-26568

NVD References: https://www.themissinglink.com.au/security-advisories/cve-2023-26569

NVD References: https://www.themissinglink.com.au/security-advisories/cve-2023-26572

NVD References: https://www.themissinglink.com.au/security-advisories/cve-2023-26573

NVD References: https://www.themissinglink.com.au/security-advisories/cve-2023-26581

NVD References: https://www.themissinglink.com.au/security-advisories/cve-2023-26582

NVD References: https://www.themissinglink.com.au/security-advisories/cve-2023-26583

NVD References: https://www.themissinglink.com.au/security-advisories/cve-2023-26584

NVD References: https://www.themissinglink.com.au/security-advisories/cve-2023-27254

NVD References: https://www.themissinglink.com.au/security-advisories/cve-2023-27255

NVD References: https://www.themissinglink.com.au/security-advisories/cve-2023-27260

NVD References: https://www.themissinglink.com.au/security-advisories/cve-2023-27262




CVE-2023-30912 - A remote code execution issue exists in HPE OneView.

Product: HPE OneView

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-30912

NVD References: https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=hpesbgn04548en_us




CVE-2023-31581 - Dromara Sureness before v1.0.8 was discovered to use a hardcoded key.

Product: Dromara Sureness

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-31581

NVD References: 

- https://github.com/dromara/sureness/issues/164

- https://github.com/xubowenW/JWTissues/blob/main/sureness%20secure%20issues.md




CVE-2023-44794 - Dromara SaToken version 1.36.0 and earlier have a privilege escalation vulnerability through a crafted payload to the URL.

Product: Dromara Sa-Token

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-44794

NVD References: https://github.com/dromara/Sa-Token/issues/515




CVE-2023-37283 - Under a very specific and highly unrecommended configuration, authentication bypass is possible in the PingFederate Identifier First Adapter

Product: PingIdentity PingFederate

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-37283

NVD References: 

- https://docs.pingidentity.com/r/en-us/pingfederate-113/gyk1689105783244

- https://www.pingidentity.com/en/resources/downloads/pingfederate.html




CVE-2023-39930 - PingFederate with PingID Radius PCV is vulnerable to a first-factor authentication bypass when a maliciously crafted RADIUS client request sends a MSCHAP authentication request.

Product: PingIdentity PingID Radius PCV

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-39930

NVD References: 

- https://docs.pingidentity.com/r/en-us/pingid/pingid_integration_kit_2_26_rn

- https://www.pingidentity.com/en/resources/downloads/pingfederate.html




CVE-2023-37908 - XWiki Rendering in versions prior to 14.10.4 and 15.0 RC1 allows for cross-site scripting through the injection of arbitrary HTML code via invalid attribute names, potentially leading to server-side code execution and impacting the confidentiality, integrity, and availability of the XWiki instance.

Product: XWiki Rendering

CVSS Score: 9.6

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-37908

NVD References: 

- https://github.com/xwiki/xwiki-rendering/commit/f4d5acac451dccaf276e69f0b49b72221eef5d2f

- https://github.com/xwiki/xwiki-rendering/security/advisories/GHSA-663w-2xp3-5739

- https://github.com/xwiki/xwiki-rendering/security/advisories/GHSA-6gf5-c898-7rxp

- https://jira.xwiki.org/browse/XRENDERING-697




CVE-2023-37913 - XWiki Platform versions prior to 14.10.8 and 15.3-rc-1 allow an attacker to exploit a vulnerability by triggering the office converter with a specially crafted file name, leading to writing the attachment's content to an attacker-controlled location on the server, impacting the confidentiality, integrity, and availability of the installation.

Product: XWiki Platform

CVSS Score: 9.9

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-37913

NVD References: 

- https://github.com/xwiki/xwiki-platform/commit/45d182a4141ff22f3ff289cf71e4669bdc714544

- https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-vcvr-v426-3m3m

- https://jira.xwiki.org/browse/XWIKI-20715




CVE-2023-45134 - XWiki Platform is vulnerable to cross-site scripting, allowing an attacker to execute arbitrary actions with the rights of the user opening the malicious link.

Product: XWiki Platform

CVSS Score: 9.0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-45134

NVD References: 

- https://github.com/xwiki/xwiki-platform/commit/ba56fda175156dd35035f2b8c86cbd8ef1f90c2e

- https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-gr82-8fj2-ggc3

- https://jira.xwiki.org/browse/XWIKI-20962




CVE-2023-45135 - XWiki Platform allows remote code execution via a malicious title in the page creation action.

Product: XWiki Platform

CVSS Score: 9.0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-45135

NVD References: 

- https://github.com/xwiki/xwiki-platform/commit/199e27ce7016757e66fa7cea99e718044a1b639b

- https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-ghf6-2f42-mjh9

- https://jira.xwiki.org/browse/XWIKI-20869




CVE-2023-45136 - XWiki Platform is vulnerable to a reflected cross-site scripting attack in the page creation form prior to versions 12.10.12 and 15.5-rc-1, allowing an attacker to execute arbitrary actions with user rights and potentially gain remote code execution and full access to the XWiki installation.

Product: XWiki Platform

CVSS Score: 9.6

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-45136

NVD References: 

- https://github.com/xwiki/xwiki-platform/commit/ba56fda175156dd35035f2b8c86cbd8ef1f90c2e

- https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-qcj9-gcpg-4w2w

- https://jira.xwiki.org/browse/XWIKI-20854




CVE-2023-45137 - XWiki Platform is vulnerable to cross-site scripting due to missing escaping in the error message displayed when creating a document that already exists.

Product: XWiki Platform

CVSS Score: 9.0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-45137

NVD References: 

- https://github.com/xwiki/xwiki-platform/commit/ed8ec747967f8a16434806e727a57214a8843581

- https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-93gh-jgjj-r929

- https://jira.xwiki.org/browse/XWIKI-20961




CVE-2023-45554 - zzzCMS v.2.1.9 allows remote attackers to execute arbitrary code by altering the imageext parameter.

Product: zzzCMS

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-45554

NVD References: https://github.com/96xiaopang/Vulnerabilities/blob/main/zzzcms%E4%BB%BB%E6%84%8F%E6%96%87%E4%BB%B6%E4%B8%8A%E4%BC%A0_en.md





CVE-2023-46520 through CVE-2023-46523, CVE-2023-46525 through CVE-2023-46527, CVE-2023-46534 through CVE-2023-46539 - TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain multiple stack overflow vulnerabilities.

Product: TP-LINK TL-WR886N

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-46520

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-46521

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-46522

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-46523

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-46525

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-46526

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-46527

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-46534

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-46535

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-46536

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-46537

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-46538

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-46539

NVD References: https://github.com/XYIYM/Digging/blob/main/TP-LINK/TL-WR886N/1/1.md

NVD References: https://github.com/XYIYM/Digging/blob/main/TP-LINK/TL-WR886N/11/1.md

NVD References: https://github.com/XYIYM/Digging/blob/main/TP-LINK/TL-WR886N/2/1.md

NVD References: https://github.com/XYIYM/Digging/blob/main/TP-LINK/TL-WR886N/3/1.md

NVD References: https://github.com/XYIYM/Digging/blob/main/TP-LINK/TL-WR886N/12/1.md

NVD References: https://github.com/XYIYM/Digging/blob/main/TP-LINK/TL-WR886N/10/1.md

NVD References: https://github.com/XYIYM/Digging/blob/main/TP-LINK/TL-WR886N/13/1.md

NVD References: https://github.com/XYIYM/Digging/blob/main/TP-LINK/TL-WR886N/9/1.md

NVD References: https://github.com/XYIYM/Digging/blob/main/TP-LINK/TL-WR886N/6/1.md

NVD References: https://github.com/XYIYM/Digging/blob/main/TP-LINK/TL-WR886N/5/1.md

NVD References: https://github.com/XYIYM/Digging/blob/main/TP-LINK/TL-WR886N/7/1.md

NVD References: https://github.com/XYIYM/Digging/blob/main/TP-LINK/TL-WR886N/4/1.md

NVD References: https://github.com/XYIYM/Digging/blob/main/TP-LINK/TL-WR886N/8/1.md

NVD References: https://resource.tp-link.com.cn/pc/docCenter/showDoc?id=1676623713687165




CVE-2023-46554 through CVE-2023-46560, CVE-2023-46562 through CVE-2023-46564 - TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain multiple stack overflow vulnerabilities.

Product: Totolink X2000R

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-46554

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-46555

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-46556

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-46557

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-46558

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-46559

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-46560

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-46562

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-46563

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-46564

NVD References: https://github.com/XYIYM/Digging/blob/main/TOTOLINK/X2000R/20/1.md

NVD References: https://github.com/XYIYM/Digging/blob/main/TOTOLINK/X2000R/3/1.md

NVD References: https://github.com/XYIYM/Digging/blob/main/TOTOLINK/X2000R/4/1.md

NVD References: https://github.com/XYIYM/Digging/blob/main/TOTOLINK/X2000R/22/1.md

NVD References: https://github.com/XYIYM/Digging/blob/main/TOTOLINK/X2000R/25/1.md

NVD References: https://github.com/XYIYM/Digging/blob/main/TOTOLINK/X2000R/9/1.md

NVD References: https://github.com/XYIYM/Digging/blob/main/TOTOLINK/X2000R/23/1.md

NVD References: https://github.com/XYIYM/Digging/blob/main/TOTOLINK/X2000R/8/1.md

NVD References: https://github.com/XYIYM/Digging/blob/main/TOTOLINK/X2000R/7/1.md

NVD References: https://github.com/XYIYM/Digging/blob/main/TOTOLINK/X2000R/6/1.md

NVD References: https://totolink.cn/home/menu/detail.html?menu_listtpl=download&id=85&ids=36




CVE-2023-46574 - TOTOLINK A3700R v.9.1.2u.6165_20211012 allows remote code execution via the FileName parameter of the UploadFirmwareFile function.

Product: TOTOLINK A3700R

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-46574

NVD References: https://github.com/OraclePi/repo/blob/main/totolink%20A3700R/1/A3700R%20%20V9.1.2u.6165_20211012%20vuln.md




CVE-2023-5746 - Synology Camera Firmware versions before 1.0.5-0185 suffer from a vulnerability in the cgi component, enabling remote attackers to execute arbitrary code through externally-controlled format strings.

Product: Synology Camera Firmware

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-5746

NVD References: https://www.synology.com/en-global/security/advisory/Synology_SA_23_11




CVE-2023-46133 - CryptoES prior to version 2.1.0 has weakened PBKDF2, making it highly vulnerable to attacks due to its default use of SHA1 and single iteration count.

Product: CryptoES PBKDF2

CVSS Score: 9.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-46133

NVD References: 

- https://github.com/entronad/crypto-es/commit/d506677fae3d03a454b37ad126e0c119d416b757

- https://github.com/entronad/crypto-es/security/advisories/GHSA-mpj8-q39x-wq5h




CVE-2023-46233 - Crypto-js prior to version 4.2.0 is vulnerable due to using a weak cryptographic hash algorithm and a low number of iterations, making it susceptible to password and signature attacks.

Product: crypto-js PBKDF2

CVSS Score: 9.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-46233

NVD References: https://github.com/brix/crypto-js/commit/421dd538b2d34e7c24a5b72cc64dc2b9167db40a

NVD References: https://github.com/brix/crypto-js/security/advisories/GHSA-xwcq-pm8m-c4vf




CVE-2023-30967 - Gotham Orbital-Simulator service prior to 0.692.0 allows unauthenticated users to read arbitrary files via a path traversal vulnerability.

Product: Gotham Orbital-Simulator

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-30967

NVD References: https://palantir.safebase.us/?tcuUid=8fd5809f-26f8-406e-b36f-4a6596a19d79




CVE-2023-31422 - Kibana version 8.10.0 has a vulnerability where sensitive information is recorded in the logs, including authentication credentials, cookies, and authorization headers.

Product: Elastic Kibana

CVSS Score: 9.0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-31422

NVD References: 

- https://discuss.elastic.co/t/kibana-8-10-1-security-update/343287

- https://www.elastic.co/community/security




CVE-2023-45869 - ILIAS 7.25 (2023-09-12) allows users to remotely execute arbitrary OS commands when a highly privileged account accesses an XSS payload, compromising the system's integrity, confidentiality, and availability.

Product: ILIAS 

CVSS Score: 9.0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-45869

NVD References: 

- https://rehmeinfosec.de/labor/cve-2023-45869

- https://rehmeinfosec.de/report/358ad5f6-f712-4f74-a5ee-476efc856cbc/




CVE-2023-42769 - Cookie session ID in this product is too short, enabling brute force attacks, leading to unauthorized session access, authentication bypass, and transmitter manipulation by remote attackers.

Product: Sielco Radio Link and Analog FM Transmitters

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-42769

NVD References: https://www.cisa.gov/news-events/ics-advisories/icsa-23-299-08




CVE-2023-46661 - Sielco PolyEco1000 is vulnerable to an attacker escalating their privileges by modifying passwords in POST requests.

Product: Sielco PolyEco1000

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-46661

NVD References: https://www.cisa.gov/news-events/ics-advisories/icsa-23-299-07




CVE-2023-5754 - Sielco PolyEco1000 has weak default administrative credentials, making the system vulnerable to remote password attacks and granting full control.

Product: Sielco PolyEco1000

CVSS Score: 9.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-5754

NVD References: https://www.cisa.gov/news-events/ics-advisories/icsa-23-299-07




CVE-2023-46665 - Sielco PolyEco1000 allows attackers to gain unauthorized administrative access through an authentication bypass vulnerability.

Product: Sielco PolyEco1000

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-46665

NVD References: https://www.cisa.gov/news-events/ics-advisories/icsa-23-299-07




CVE-2023-5790 - SourceCodester File Manager App 1.0 is affected by a critical vulnerability in the file endpoint/add-file.php, allowing for unrestricted remote file uploads.

Product: Remyandrade File Manager App

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-5790

NVD References:  

- https://github.com/Yp1oneer/cve_hub/blob/main/File%20Manager%20App/Unrestricted%20File%20Upload.pdf

- https://vuldb.com/?ctiid.243595

- https://vuldb.com/?id.243595




CVE-2023-5792 - SourceCodester Sticky Notes App 1.0 is prone to a critical remote SQL injection vulnerability (VDB-243598) via manipulation of the "note" parameter in the endpoint/delete-note.php file, which has been publicly disclosed and could be exploited.

Product: Remyandrade Sticky Notes App

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-5792

NVD References: 

- https://github.com/Yp1oneer/cve_hub/blob/main/Sticky%20Notes%20App/SQL%20Injection-1.pdf

- https://vuldb.com/?ctiid.243598

- https://vuldb.com/?id.243598




CVE-2023-46435 - Sourcecodester Packers and Movers Management System v1.0 is vulnerable to SQL Injection via mpms/?p=services/view_service&id.

Product: Oretnom23 Packers And Movers Management System

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-46435

NVD References: https://github.com/kirra-max/bug_reports/blob/main/packers-and-movers-management-system-phpoop-free-source-code/SQL-1.md




CVE-2023-44267, CVE-2023-43737, CVE-2023-44268, CVE-2023-43738, CVE-2023-44162, CVE-2023-44375, CVE-2023-44376, CVE-2023-44377 - Online Art Gallery v1.0 has multiple unauthenticated SQL Injection vulnerabilities.

Product: Online Art Gallery v1.0

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-44267

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-43737

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-44268

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-43738

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-44162

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-44375

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-44376

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-44377

NVD References: https://fluidattacks.com/advisories/ono

NVD References: https://projectworlds.in/




CVE-2023-5820 - The Thumbnail Slider With Lightbox plugin for WordPress is vulnerable to Cross-Site Request Forgery, allowing unauthenticated attackers to upload arbitrary files by tricking a site administrator into performing a specific action.

Product: WordPress Thumbnail Slider With Lightbox plugin

CVSS Score: 9.6

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-5820

NVD References: 

- https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=1263536%40wp-responsive-slider-with-lightbox&new=1263536%40wp-responsive-slider-with-lightbox&sfp_email=&sfph_mail=

- https://wordpress.org/plugins/wp-responsive-slider-with-lightbox

- https://www.wordfence.com/threat-intel/vulnerabilities/id/e51e1cd2-6de9-4820-8bba-1c6b5053e2c1?source=cve




CVE-2023-5807 - TRtek Software Education Portal allows SQL Injection before 3.2023.29.

Product: TRtek Software Education Portal

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-5807

NVD References: https://www.usom.gov.tr/bildirim/tr-23-0608




CVE-2023-46604 - Apache ActiveMQ is vulnerable to Remote Code Execution through manipulation of serialized class types in the OpenWire protocol, allowing an attacker to run arbitrary shell commands on the broker.

Product: Apache ActiveMQ

CVSS Score: 10.0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-46604

NVD References: 

- http://www.openwall.com/lists/oss-security/2023/10/27/5

- https://activemq.apache.org/security-advisories.data/CVE-2023-46604-announcement.txt




CVE-2023-44480 - Leave Management System Project v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities due to unfiltered characters sent to the database in the 'setcasualleave' parameter of the admin/setleaves.php resource.

Product: Leave Management System Project 

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-44480

NVD References: 

- https://fluidattacks.com/advisories/martin/

- https://projectworlds.in/




CVE-2023-46509 - An issue in Contec SolarView Compact v.6.0 and before allows an attacker to execute arbitrary code via the texteditor.php component.

Product: Contec SolarView Compact

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-46509

NVD References: https://gist.github.com/ATonysan/d6f72e9eb90407d64bed4566aa80afb1#file-cve-2023-46509




CVE-2023-46569 - An out-of-bounds read in radare2 v.5.8.9 and before exists in the print_insn32_fpu function of libr/arch/p/nds32/nds32-dis.h.

Product: Radare2

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-46569

NVD References: 

- https://gist.github.com/gandalf4a/afeaf8cc958f95876f0ee245b8a002e8

- https://github.com/radareorg/radare2/issues/22334




CVE-2023-46570 - An out-of-bounds read in radare2 v.5.8.9 and before exists in the print_insn32 function of libr/arch/p/nds32/nds32-dis.h.

Product: Radare2

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-46570

NVD References: 

- https://gist.github.com/gandalf4a/d7fa58f1b3418ef08ad244acccc10ba6

- https://github.com/radareorg/radare2/issues/22333




CVE-2021-33635 - When malicious images are pulled by isula pull, attackers can execute arbitrary code.

Product: isula pull

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2021-33635

NVD References: 

- https://gitee.com/src-openeuler/iSulad/pulls/600/files

- https://gitee.com/src-openeuler/iSulad/pulls/627/files

- https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1686




CVE-2023-45797 - A Buffer overflow vulnerability in DreamSecurity MagicLine4NX versions 1.0.0.1 to 1.0.0.26 allows an attacker to remotely execute code.

Product: DreamSecurity MagicLine4NX

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-45797

NVD References: https://www.boho.or.kr/kr/bbs/view.do?bbsId=B0000133&nttId=71023&menuNo=205020




CVE-2023-5199 - The PHP to Page plugin for WordPress is vulnerable to Local File Inclusion to Remote Code Execution in versions up to and including 0.3 via the 'php-to-page' shortcode, enabling authenticated attackers with subscriber-level permissions or higher to include local files and potentially execute code on the server.

Product: WordPress PHP to Page plugin

CVSS Score: 9.9

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-5199

NVD References: 

- https://plugins.trac.wordpress.org/browser/php-to-page/trunk/php-to-page.php?rev=441028#L22

- https://www.wordfence.com/threat-intel/vulnerabilities/id/83e5a0dc-fc51-4565-945f-190cf9175874?source=cve




CVE-2023-5843 - The Ads by datafeedr.com plugin for WordPress versions up to, and including, 1.1.3 is vulnerable to Remote Code Execution via the 'dfads_ajax_load_ads' function, allowing unauthenticated attackers to execute code on the server with limited parameters.

Product: datafeedr WordPress

CVSS Score: 9.0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-5843

NVD References: 

- https://plugins.trac.wordpress.org/browser/ads-by-datafeedrcom/tags/1.1.3/inc/dfads.class.php#L34

- https://www.wordfence.com/threat-intel/vulnerabilities/id/5412fd87-49bc-445c-8d16-443e38933d1e?source=cve




CVE-2023-36263 - Prestashop is vulnerable to SQL Injection due to sensitive SQL calls in OpartlimitquantityAlertlimitModuleFrontController::displayAjaxPushAlertMessage() that can be exploited with a trivial http call.

Product: Prestashop Opartlimitquantity

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-36263

NVD References: https://security.friendsofpresta.org/modules/2023/10/25/opartlimitquantity.html




CVE-2023-40050 - Chef Automate prior to and including version 4.10.29 allows remote code execution when a maliciously crafted profile is uploaded through API or user interface using InSpec check command.

Product: Chef Automate InSpec

CVSS Score: 9.9

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-40050

NVD References: 

- https://community.progress.com/s/article/Product-Alert-Bulletin-October-2023-CHEF-Automate-CVE-2023-40050

- https://docs.chef.io/automate/profiles/

- https://docs.chef.io/release_notes_automate/




CVE-2023-46248 - The Cody AI VSCode extension versions 0.10.0 through 0.14.0 allows arbitrary code execution if a user opens a malicious repository with the extension loaded.

Product: Cody AI VSCode extension 

CVSS Score: 9.0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-46248

NVD References: 

- https://github.com/sourcegraph/cody/pull/1414

- https://github.com/sourcegraph/cody/security/advisories/GHSA-8wmq-fwv7-xmwq




CVE-2023-46249 - authentik, an open-source Identity Provider, allows an attacker to set the password of the default admin user without authentication in versions prior to 2023.8.4 and 2023.10.2.

Product: authentik Identity Provider

CVSS Score: 9.6

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-46249

NVD References: 

- https://github.com/goauthentik/authentik/commit/261879022d25016d58867cf1f24e90b81ad618d0

- https://github.com/goauthentik/authentik/commit/ea75741ec22ecef34bc7073f1163e17a8a2bf9fc

- https://github.com/goauthentik/authentik/releases/tag/version%2F2023.10.2

- https://github.com/goauthentik/authentik/releases/tag/version%2F2023.8.4

- https://github.com/goauthentik/authentik/security/advisories/GHSA-rjvp-29xq-f62w