Internet Storm Center Spotlight


ISC provides a free analysis and warning service to thousands of Internet users and organizations, and is actively working with Internet Service Providers to fight back against the most malicious attackers. https://isc.sans.edu/about.html

What are they looking for? Scans for OpenID Connect Configuration

Published: 2023-12-19

Last Updated: 2023-12-20 00:03:45 UTC

by Johannes Ullrich (Version: 1)

Update: Thanks to our reader Dustin Decker for pointing out that these scans are likely looking for Citrix devices. The recent "CitrixBleed" vulnerability is exploited using the OpenID Connect URL (CVE-2023-4966, CVE-2023-4967). An attack would also include an oversized Host header in a request to the OpenID URL. The scans I have observed do not appear to include this oversized Host header. Looks like they are just looking for possible targets to exploit later.

One of our honeypots received unusually many requests for an OpenID Connect configuration file. This honeypot is configured a bit differently as it is more experimental to test new software, so the logs do not show up on our main site. Overall, there are only a few requests targeting this specific URL.

OpenID Connect is an authentication scheme often used by websites to facilitate features like "Log in with Facebook/Google...". The specification asks for a configuration file, .well-known/openid-configuration, to facilitate the automatic discovery of OpenID Connect capabilities.

Read the full entry:

https://isc.sans.edu/diary/What+are+they+looking+for+Scans+for+OpenID+Connect+Configuration/30498/

An Example of RocketMQ Exploit Scanner

Published: 2023-12-16

Last Updated: 2023-12-16 06:31:05 UTC

by Xavier Mertens (Version: 1)

A few months ago, RocketMQ, a real-time message queue platform, suffered from a nasty vulnerability referred to as CVE-2023-33246. I found another malicious script in the wild a few weeks ago that exploits this vulnerability. It still has a very low VirusTotal detection score today: 2/60 (SHA256: 70710c630390dbf74a97162ab61aae78d3e18eacb41e16d3dd6bbd872fee66c5).

This script is a Bash script that has two main parts: First, it will prepare its environment by creating a random directory ...

Then, it will install some dependencies using yum or apt. The dependencies will allow the tool to download and compile on the fly a copy of the masscan port scanner ...

Read the full entry:

https://isc.sans.edu/diary/An+Example+of+RocketMQ+Exploit+Scanner/30492/

Internet Storm Center Entries


Increase in Exploit Attempts for Atlassian Confluence Server (CVE-2023-22518) (2023.12.20)

https://isc.sans.edu/diary/Increase+in+Exploit+Attempts+for+Atlassian+Confluence+Server+CVE202322518/30502/

CSharp Payload Phoning to a CobaltStrike Server (2023.12.15)

https://isc.sans.edu/diary/CSharp+Payload+Phoning+to+a+CobaltStrike+Server/30490/

T-shooting Terraform for DShield Honeypot in Azure [Guest Diary] (2023.12.13)

https://isc.sans.edu/diary/Tshooting+Terraform+for+DShield+Honeypot+in+Azure+Guest+Diary/30484/

Recent CVEs


The list is assembled by pulling recent vulnerabilities from NIST NVD, Microsoft, Twitter mentions of vulnerabilities, ISC Diaries and Podcast, and the CISA list of known exploited vulnerabilities. There are also some unscored, but significant, vulnerabilities at the end. This includes vulnerabilities that have not been added to the NVD yet.

CVE-2022-3236 - Sophos Firewall Code Injection Vulnerability

Product: Sophos Firewall 

CVSS Score: 0

** KEV since 2022-09-23 **

NVD: https://nvd.nist.gov/vuln/detail/CVE-2022-3236

ISC Podcast: https://isc.sans.edu/podcastdetail.html?podcastid=8778



CVE-2023-36019 - Microsoft Power Platform Connector Spoofing Vulnerability

Product: Microsoft Azure Logic Apps

CVSS Score: 9.6

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-36019

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36019



CVE-2023-35618 - Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability

Product: Microsoft Edge (Chromium-based)

CVSS Score: 9.6

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-35618

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35618



CVE-2023-22518 - Confluence Data Center and Server versions are vulnerable, but Atlassian Cloud sites are not affected.

Product: Atlassian Confluence Data Center and Server

CVSS Score: 0

** KEV since 2023-11-07 **

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-22518

ISC Diary: https://isc.sans.edu/diary/30502



CVE-2023-4966 - NetScaler ADC and NetScaler Gateway configured as a Gateway or AAA virtual server may reveal sensitive information.

Product: NetScaler ADC and NetScaler Gateway 

CVSS Score: 0

** KEV since 2023-10-18 **

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-4966

ISC Diary: https://isc.sans.edu/diary/30498



CVE-2023-33246 - RocketMQ versions 5.1.0 and below are vulnerable to remote command execution due to leaked components lacking permission verification.

Product: RocketMQ

CVSS Score: 0

** KEV since 2023-09-06 **

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-33246

ISC Diary: https://isc.sans.edu/diary/30492



CVE-2023-36649 - ProLion CryptoSpike 3.0.15P2 allows remote attackers to impersonate other users by inserting sensitive information in the centralized logging system and reading JWT tokens from logs or the Loki REST API.

Product: ProLion CryptoSpike

CVSS Score: 9.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-36649

NVD References: https://www.cvcn.gov.it/cvcn/cve/CVE-2023-36649



CVE-2023-49581 - SAP GUI for Windows and SAP GUI for Java have an unauthenticated access and data modification vulnerability that compromises restricted information and allows database table writing with potential impact on availability.

Product: SAP Netweaver Application Server ABAP

CVSS Score: 9.4

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-49581

NVD References: 

- https://me.sap.com/notes/3392547

- https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html



CVE-2023-49583 - The SAP BTP Security Services Integration Library ([Node.js] @sap/xssec) versions < 3.6.0 allow an unauthenticated attacker to escalate privileges and gain arbitrary permissions within the application.

Product: The SAP BTP Security Services Integration Library 

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-49583

NVD References: 

- https://blogs.sap.com/2023/12/12/unveiling-critical-security-updates-sap-btp-security-note-3411067/

- https://me.sap.com/notes/3411067

- https://www.npmjs.com/package/@sap/xssec

- https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html



CVE-2023-50422 - The SAP BTP Security Services Integration Library (cloud-security-services-integration-library) below version 2.17.0 and from version 3.0.0 to before 3.3.0 allows an unauthenticated attacker to escalate privileges and gain arbitrary permissions within the application.

Product: SAP Cloud Security Services Integration Library 

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-50422

NVD References: 

- https://blogs.sap.com/2023/12/12/unveiling-critical-security-updates-sap-btp-security-note-3411067/

- https://github.com/SAP/cloud-security-services-integration-library/

- https://github.com/SAP/cloud-security-services-integration-library/security/advisories/GHSA-59c9-pxq8-9c73

- https://me.sap.com/notes/3411067

- https://mvnrepository.com/artifact/com.sap.cloud.security.xsuaa/spring-xsuaa

- https://mvnrepository.com/artifact/com.sap.cloud.security/java-security

- https://mvnrepository.com/artifact/com.sap.cloud.security/spring-security

- https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html



CVE-2023-50423 - The SAP BTP Security Services Integration Library ([Python] sap-xssec) versions < 4.1.0 allows unauthenticated attackers to escalate privileges and obtain arbitrary permissions within the application.

Product: SAP BTP Security Services Integration Library 

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-50423

NVD References: 

- https://blogs.sap.com/2023/12/12/unveiling-critical-security-updates-sap-btp-security-note-3411067/

- https://github.com/SAP/cloud-pysec/

- https://github.com/SAP/cloud-pysec/security/advisories/GHSA-6mjg-37cp-42x5

- https://me.sap.com/notes/3411067

- https://pypi.org/project/sap-xssec/

- https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html



CVE-2023-50424 - The SAP BTP Security Services Integration Library allows an unauthenticated attacker to escalate privileges and obtain arbitrary permissions within the application in versions < 0.17.0.

Product: SAP BTP Security Services Integration Library

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-50424

NVD References: 

- https://blogs.sap.com/2023/12/12/unveiling-critical-security-updates-sap-btp-security-note-3411067/

- https://github.com/SAP/cloud-security-client-go

- https://github.com/SAP/cloud-security-services-integration-library/security/advisories/GHSA-59c9-pxq8-9c73

- https://me.sap.com/notes/3411067

- https://pkg.go.dev/github.com/sap/cloud-security-client-go@v0.17.0

- https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html



CVE-2023-41117 - EnterpriseDB Postgres Advanced Server (EPAS) before 11.21.32, 12.x before 12.16.20, 13.x before 13.12.16, 14.x before 14.9.0, and 15.x before 15.4.0 allows search_path attacks due to inadequate security measures in packages, standalone packages, and functions with SECURITY DEFINER.

Product: Enterprisedb Postgres Advanced Server

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-41117

NVD References: https://www.enterprisedb.com/docs/security/advisories/cve202341117/



CVE-2023-48427 - SINEC INS (All versions < V1.0 SP2 Update 2) does not properly validate UMC server certificates, allowing interception of credentials and escalation of privileges by attackers.

Product: Siemens SINEC INS

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-48427

NVD References: https://cert-portal.siemens.com/productcert/pdf/ssa-077170.pdf



CVE-2023-46454 - GL.iNET GL-AR300M routers with firmware v4.3.7 are vulnerable to arbitrary shell command injection via a crafted package name.

Product: GL.iNET GL-AR300M

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-46454

NVD References: https://cyberaz0r.info/2023/11/glinet-multiple-vulnerabilities/



CVE-2023-46456 - GL.iNET GL-AR300M routers with firmware 3.216 allow arbitrary shell command injection through the OpenVPN client file upload feature.

Product: GL.iNET GL-AR300M

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-46456

NVD References: 

- https://cyberaz0r.info/2023/11/glinet-multiple-vulnerabilities/

- https://www.gl-inet.com/



CVE-2023-6593 - Devolutions Remote Desktop Manager 2023.3.4.0 and earlier on iOS allows unrestricted execution of SQL data source entries by an attacker with application access.

Product: Devolutions Remote Desktop Manager

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-6593

NVD References: https://devolutions.net/security/advisories/DEVO-2023-0023/



CVE-2013-2513 - The flash_tool gem through 0.6.0 for Ruby allows command execution via shell metacharacters in the name of a downloaded file.

Product: flash_tool Gem for Ruby

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2013-2513

NVD References: 

- https://github.com/advisories/GHSA-6325-6g32-7p35

- https://github.com/rubysec/ruby-advisory-db/blob/master/gems/flash_tool/CVE-2013-2513.yml



CVE-2023-43364 - main.py in Searchor before 2.4.2 uses eval on CLI input, which may cause unexpected code execution.

Product: Arjunsharda Searchor

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-43364

NVD References: 

- https://github.com/ArjunSharda/Searchor/commit/16016506f7bf92b0f21f51841d599126d6fcd15b

- https://github.com/ArjunSharda/Searchor/pull/130

- https://github.com/advisories/GHSA-66m2-493m-crh2

- https://github.com/nexis-nexis/Searchor-2.4.0-POC-Exploit-

- https://github.com/nikn0laty/Exploit-for-Searchor-2.4.0-Arbitrary-CMD-Injection



CVE-2023-48225 - Laf cloud development platform is vulnerable to information leakage in secret and configmap due to insufficient control of LAF app enV prior to version 1.0.0-beta.13.

Product: Laf 

CVSS Score: 9.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-48225

NVD References: 

- https://github.com/labring/laf/blob/main/server/src/application/environment.controller.ts#L50

- https://github.com/labring/laf/blob/main/server/src/instance/instance.service.ts#L306

- https://github.com/labring/laf/security/advisories/GHSA-hv2g-gxx4-fwxp



CVE-2023-50252 - php-svg-lib prior to version 0.5.1 suffers from a PHAR Deserialization vulnerability due to unsanitized href attribute in the <use> tag.

Product: Dompdf Php-Svg-Lib

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-50252

NVD References: 

- https://github.com/dompdf/php-svg-lib/commit/08ce6a96d63ad7216315fae34a61c886dd2dc030

- https://github.com/dompdf/php-svg-lib/security/advisories/GHSA-jq98-9543-m4cr



CVE-2023-47577 - Relyum RELY-PCIe 22.2.1 and RELY-REC 23.1.0 allow unauthorized password changes without checking the current password.

Product: Relyum RELY-PCIe

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-47577

NVD References: https://www.relyum.com/web/support/vulnerability-report/



CVE-2023-6723 - Repox allows an attacker to achieve full system compromise by exploiting an unrestricted file upload vulnerability in the transforamationfileupload function.

Product: Europeana Repox

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-6723

NVD References: https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-repox



CVE-2023-42495 - Dasan Networks - W-Web versions 1.22-1.27 allows OS command injection due to improper neutralization of special elements.

Product: Dasan Networks W-Web

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-42495

NVD References: https://www.gov.il/en/Departments/faq/cve_advisories



CVE-2023-6756 - Thecosy IceCMS 2.0.1 is vulnerable to improper restriction of excessive authentication attempts in the Captcha Handler component's /login function, allowing for remote attacks due to a disclosed exploit (VDB-247884).

Product: Thecosy IceCMS

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-6756

NVD References: 

- http://124.71.147.32:8082/IceCMS2.html

- https://vuldb.com/?ctiid.247884

- https://vuldb.com/?id.247884



CVE-2023-49363 - Rockoa <2.3.3 is vulnerable to SQL Injection. The problem exists in the indexAction method in reimpAction.php.

Product: Rockoa 

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-49363

NVD References: https://github.com/wednesdaygogo/Vulnerability-recurrence/blob/main/rockoa%20less%20than%202.3.3%20sql%20injection%20vulnerability.pdf



CVE-2023-6765 - SourceCodester Online Tours & Travels Management System 1.0 is susceptible to a critical SQL injection vulnerability in the email_setup.php file's prepare function (CVE-2021-247895).

Product: Mayurik Online Tours & Travels Management System

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-6765

NVD References: 

- https://blog.csdn.net/xitanging/article/details/134903112

- https://vuldb.com/?ctiid.247895

- https://vuldb.com/?id.247895



CVE-2023-46726 - GLPI versions 10.0.0 to 10.0.11 on PHP 7.4 only allow arbitrary code execution via the LDAP server configuration form using previously uploaded GLPI documents.

Product: GLPI-Project 

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-46726

NVD References: 

- https://github.com/glpi-project/glpi/commit/42ba2b031bec0b3889317db25f3adf9080fc11b2

- https://github.com/glpi-project/glpi/releases/tag/10.0.11

- https://github.com/glpi-project/glpi/security/advisories/GHSA-qc92-gxc6-5f95



CVE-2023-46727 - GLPI allows SQL injection via the inventory endpoint before version 10.0.11.

Product: GLPI-Project

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-46727

NVD References: 

- https://github.com/glpi-project/glpi/commit/ee2d674481ebef177037e8e14d35c9455b5cfd46

- https://github.com/glpi-project/glpi/releases/tag/10.0.11

- https://github.com/glpi-project/glpi/security/advisories/GHSA-v799-2mp3-wgfr



CVE-2023-6771 - SourceCodester Simple Student Attendance System 1.0 is vulnerable to SQL injection through the manipulation of the argument sid in the function save_attendance of actions.class.php (CVE-2021-XXXX).

Product: Oretnom23 Simple Student Attendance System

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-6771

NVD References: 

- https://github.com/Glunko/Simple-Student-Attendance-System_vulnerability/blob/main/README.md

- https://vuldb.com/?ctiid.247907

- https://vuldb.com/?id.247907



CVE-2023-40921 - Common Services soliberte before v4.3.03 allows attackers to obtain sensitive information by exploiting an SQL Injection vulnerability in functions/point_list.php through the lat and lng parameters.

Product: Common-Services Soliberte

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-40921

NVD References: https://security.friendsofpresta.org/modules/2023/12/12/soliberte.html



CVE-2023-31546 - Cross Site Scripting (XSS) vulnerability in DedeBIZ v6.0.3 allows attackers to run arbitrary code via the search feature.

Product: DedeBIZ

CVSS Score: 9.6

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-31546

NVD References: https://github.com/ran9ege/CVE-2023-31546/blob/main/CVE-2023-31546.md



CVE-2023-44709 - PlutoSVG commit 336c02997277a1888e6ccbbbe674551a0582e5c4 and before was discovered to contain an integer overflow via the component plutosvg_load_from_memory.

Product: PlutoSVG

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-44709

NVD References: 

- https://gist.github.com/sunwithmoon/3f810c27d2e553f9d31bd7c50566f15b#file-cve-2023-44709

- https://github.com/sammycage/plutosvg/issues/7



CVE-2023-48084 - Nagios XI before version 5.11.3 was discovered to contain a SQL injection vulnerability via the bulk modification tool.

Product: Nagios XI

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-48084

NVD References: https://www.nagios.com/products/security/



CVE-2023-48085 - Nagios XI before version 5.11.3 was discovered to contain a remote code execution (RCE) vulnerability via the component command_test.php.

Product: Nagios XI

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-48085

NVD References: https://www.nagios.com/products/security/



CVE-2023-40629, CVE-2023-49707, CVE-2023-49708 - Multiple SQLi vulnerabilities affecting Joomla

Product: Joomla

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-40629

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-49707

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-49708

NVD References: https://extensions.joomla.org/extension/lms-lite/

NVD References: https://extensions.joomla.org/extension/s5-register/

NVD References: https://extensions.joomla.org/extension/starshop/



CVE-2023-46348 - SunnyToo sturls before version 1.1.13 has an SQL injection vulnerability allowing attackers to gain higher privileges and access sensitive information through StUrls::hookActionDispatcher and StUrls::getInstanceId methods.

Product: SunnyToo Sturls

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-46348

NVD References: https://security.friendsofpresta.org/modules/2023/12/07/sturls.html



CVE-2023-48925 - Buy Addons bavideotab before version 1.0.6 is vulnerable to an SQL injection attack via BaVideoTabSaveVideoModuleFrontController::run() method, enabling privilege escalation and unauthorized access to sensitive information.

Product: Buy-Addons Bavideotab

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-48925

NVD References: https://security.friendsofpresta.org/modules/2023/12/07/bavideotab.html



CVE-2023-0757 - PHOENIX CONTACT MULTIPROG and PHOENIX CONTACT ProConOS eCLR (SDK) have an Incorrect Permission Assignment vulnerability, allowing remote attackers to upload malicious code and gain full device access.

Product: PHOENIX CONTACT MULTIPROG and PHOENIX CONTACT ProConOS

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-0757

NVD References: https://cert.vde.com/en/advisories/VDE-2023-051/



CVE-2023-46141 - PHOENIX CONTACT classic line products allow a remote unauthenticated attacker to gain full access due to incorrect permission assignment for a critical resource.

Product: PHOENIX CONTACT

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-46141

NVD References: https://cert.vde.com/en/advisories/VDE-2023-055/



CVE-2023-50073 - EmpireCMS v7.5 was discovered to contain a SQL injection vulnerability via the ftppassword parameter at SetEnews.php.

Product: Leadscloud EmpireCMS

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-50073

NVD References: https://github.com/leadscloud/EmpireCMS/issues/7



CVE-2023-50563 - Semcms v4.8 was discovered to contain a SQL injection vulnerability via the AID parameter at SEMCMS_Function.php.

Product: Sem-Cms Semcms

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-50563

NVD References: https://github.com/SecBridge/Cms_Vuls_test/blob/main/Semcms/Semcms_Sql_Inject.md



CVE-2023-47261 - Dokmee ECM 7.4.6 allows remote code execution due to privileged SQL Server database access and xp_cmdshell enablement through the connection string in the response to a GettingStarted/SaveSQLConnectionAsync /#/gettingstarted request.

Product: Dokmee Enterprise Content Management

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-47261

NVD References: 

- https://h3x0s3.github.io/CVE2023~47261/

- https://www.dokmee.com/Support-Learn/Updates-Change-Log



CVE-2023-48371 - ITPison OMICARD EDM allows an unauthenticated remote attacker to upload and run arbitrary executable files, potentially leading to arbitrary system commands or service disruption.

Product: ITPison OMICARD EDM

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-48371

NVD References: https://www.twcert.org.tw/tw/cp-132-7590-55002-1.html



CVE-2023-48372 - ITPison OMICARD EDM's SMS-related function allows unauthenticated remote attackers to inject arbitrary SQL commands and gain unauthorized access to, modify, and delete database data.

Product: ITPison OMICARD EDM

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-48372

NVD References: https://www.twcert.org.tw/tw/cp-132-7591-07c51-1.html



CVE-2023-48376 - SmartStar Software CWS allows unauthenticated remote attackers to upload arbitrary files and perform arbitrary commands or disrupt service due to a lack of file type restrictions in its file uploading function.

Product: SmartStar Software CWS

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-48376

NVD References: https://www.twcert.org.tw/tw/cp-132-7595-d58b1-1.html



CVE-2023-46279 - Apache Dubbo 3.1.5 is vulnerable to deserialization of untrusted data.

Product: Apache Dubbo

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-46279

NVD References: 

- https://www.openwall.com/lists/oss-security/2023/12/15/3

- https://lists.apache.org/thread/zw53nxrkrfswmk9n3sfwxmcj7x030nmo



CVE-2023-48384 - ArmorX Spam from ArmorX Global Technology Corporation is vulnerable to SQL injection due to insufficient validation of user input within a special function, allowing unauthenticated remote attackers to access, modify, and delete the database.

Product: ArmorX Global Technology Corporation

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-48384

NVD References: https://www.twcert.org.tw/tw/cp-132-7601-71c94-1.html



CVE-2023-48388 - Multisuns EasyLog web+ allows remote attackers to perform arbitrary system operations or disrupt service by exploiting the vulnerability of using hard-coded credentials.

Product: Multisuns EasyLog web+

CVSS Score: 9.8 AtRiskScore 30

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-48388

NVD References: https://www.twcert.org.tw/tw/cp-132-7603-b1061-1.html



CVE-2023-48390 - Multisuns EasyLog web+ allows unauthenticated remote attackers to inject code and gain unauthorized access or disrupt service.

Product: Multisuns EasyLog web+

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-48390

NVD References: https://www.twcert.org.tw/tw/cp-132-7605-2d86d-1.html



CVE-2023-48392 - Kaifa Technology WebITR online attendance system is vulnerable to an unauthenticated remote attacker generating a valid token parameter and exploiting a hard-coded encryption key, allowing unauthorized access to arbitrary user accounts, including the administrator's account, enabling execution of login account's permissions and retrieving relevant information.

Product: Kaifa Technology WebITR

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-48392

NVD References: https://www.twcert.org.tw/tw/cp-132-7622-57e5f-1.html



CVE-2023-6553 - The Backup Migration plugin for WordPress up to version 1.3.7 is vulnerable to unauthenticated Remote Code Execution via the /includes/backup-heart.php file.

Product: WordPress Backup Migration plugin

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-6553

NVD References: https://www.wordfence.com/threat-intel/vulnerabilities/id/3511ba64-56a3-43d7-8ab8-c6e40e3b686e?source=cve



CVE-2023-33218 through CVE-2023-33220 - Multiple vulnerabilities in Idemia-SA-2023-05 Access and Time Biometric Terminals could result in remote code execution.

Product: Idemia

CVSS Score: 9.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-33218

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-33219

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-33220

NVD References: https://www.idemia.com/wp-content/uploads/2023/11/Security-Advisory-SA-2023-05-2.pdf



CVE-2023-46116 - Tutanota (Tuta Mail) fails to block harmful URL schemes, allowing malicious actors to gain code execution on a victim's computer.

Product: Tutanota Tuta Mail

CVSS Score: 9.3

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-46116

NVD References: https://github.com/tutao/tutanota/security/advisories/GHSA-mxgj-pq62-f644



CVE-2023-50089 - NETGEAR WNR2000v4 version 1.0.0.70 is susceptible to command injection, allowing unauthorized command execution after successful SOAP authentication over HTTP.

Product: NETGEAR WNR2000v4

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-50089

NVD References: https://www.netgear.com/about/security/



CVE-2023-50917 - MajorDoMo before 0662e5e allows command execution via thumb.php shell metacharacters.

Product: MajorDoMo

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-50917

NVD References: 

- http://seclists.org/fulldisclosure/2023/Dec/19

- https://github.com/sergejey/majordomo/commit/0662e5ebfb133445ff6154b69c61019357092178

- https://github.com/sergejey/majordomo/commit/3ec3ffb863ea3c2661ab27d398776c551f4daaac



CVE-2023-50918 - app/Controller/AuditLogsController.php in MISP before 2.4.182 mishandles ACLs for audit logs.

Product: MISP 

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-50918

NVD References: 

- https://github.com/MISP/MISP/commit/92888b1376246c0f20c256aaa3c57b6f12115fa1

- https://github.com/MISP/MISP/compare/v2.4.181...v2.4.182



CVE-2023-4020 - Silicon Labs TrustZone implementation allows unauthorized access to secure memory from non-secure memory.

Product: Silabs Gecko Software Development Kit

CVSS Score: 9.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-4020

NVD References: 

- https://community.silabs.com/069Vm0000004b95IAA

- https://github.com/SiliconLabs/gecko_sdk/releases



CVE-2023-50469 - Shenzhen Libituo Technology Co., Ltd LBT-T300-T310 v2.2.2.6 was discovered to contain a buffer overflow via the ApCliEncrypType parameter at /apply.cgi.

Product: Szlbt LBT-T300-T310

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-50469

NVD References: https://github.com/forever-more-cjy/overflow/blob/main/LBT-T310%20Buffer%20overflow.md



CVE-2023-6848 - Kalcaddle kodbox up to 1.48 is vulnerable to remote command injection in the function check of the file plugins/officeViewer/controller/libreOffice/index.class.php using the argument soffice, allowing attackers to exploit the system; upgrading to version 1.48.04 (patch identifier: 63a4d5708d210f119c24afd941d01a943e25334c) is advised.

Product: Kodcloud Kodbox

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-6848

NVD References: https://github.com/kalcaddle/kodbox/commit/63a4d5708d210f119c24afd941d01a943e25334c

NVD References: https://github.com/kalcaddle/kodbox/releases/tag/1.48.04



CVE-2023-6849 - Kalcaddle kodbox up to 1.48 is vulnerable to server-side request forgery through manipulation of the argument path in the function cover of the file plugins/fileThumb/app.php, allowing remote attackers to launch attacks; upgrading to version 1.48.04 and applying the patch 63a4d5708d210f119c24afd941d01a943e25334c is recommended.

Product: Kodcloud Kodbox

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-6849

NVD References: https://github.com/kalcaddle/kodbox/commit/63a4d5708d210f119c24afd941d01a943e25334c

NVD References: https://github.com/kalcaddle/kodbox/releases/tag/1.48.04

     


CVE-2023-6850 - Kalcaddle KodExplorer up to 4.51.03 is vulnerable to unrestricted upload in the API Endpoint Handler component, allowing remote attackers to initiate attacks by manipulating the argument path/file in the /index.php?pluginApp/to/yzOffice/getFile file.

Product: Kodcloud Kodexplorer

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-6850

NVD References: https://github.com/kalcaddle/KodExplorer/commit/5cf233f7556b442100cf67b5e92d57ceabb126c6

NVD References: https://github.com/kalcaddle/KodExplorer/releases/tag/4.52.01



CVE-2023-6851 - Kalcaddle KodExplorer up to 4.51.03 is vulnerable to code injection through the function unzipList of the component ZIP Archive Handler, allowing remote attackers to initiate attacks with an exploit that has been publicly disclosed.

Product: Kodcloud Kodexplorer

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-6851

NVD References: https://github.com/kalcaddle/KodExplorer/commit/5cf233f7556b442100cf67b5e92d57ceabb126c6

NVD References: https://github.com/kalcaddle/KodExplorer/releases/tag/4.52.01



CVE-2023-6852 - Kalcaddle KodExplorer up to 4.51.03 allows remote attackers to launch a server-side request forgery via an unknown function in plugins/webodf/app.php.

Product: Kodcloud Kodexplorer

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-6852

NVD References: https://github.com/kalcaddle/KodExplorer/commit/5cf233f7556b442100cf67b5e92d57ceabb126c6

NVD References: https://github.com/kalcaddle/KodExplorer/releases/tag/4.52.01



CVE-2023-6853 - Kalcaddle KodExplorer up to 4.51.03 is vulnerable to server-side request forgery in the function index of the file plugins/officeLive/app.php, allowing remote attackers to exploit the issue which has been publicly disclosed, but it can be addressed by upgrading to version 4.52.01 (patch identifier: 5cf233f7556b442100cf67b5e92d57ceabb126c6; vulnerability identifier: VDB-248221).

Product: Kodcloud Kodexplorer

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-6853

NVD References: https://github.com/kalcaddle/KodExplorer/commit/5cf233f7556b442100cf67b5e92d57ceabb126c6

NVD References: https://github.com/kalcaddle/KodExplorer/releases/tag/4.52.01



CVE-2023-6559 - The MW WP Form plugin for WordPress is prone to arbitrary file deletion, allowing unauthenticated attackers to delete critical files such as wp-config.php, potentially leading to site takeover and remote code execution.

Product: Web-Soudan MW WP Form plugin for WordPress

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-6559

NVD References: 

- https://plugins.trac.wordpress.org/changeset/3007879/mw-wp-form

- https://www.wordfence.com/threat-intel/vulnerabilities/id/412d555c-9bbd-42f5-8020-ccfc18755a79?source=cve



CVE-2023-6885 - Tongda OA 2017 up to 11.10 is affected by a critical vulnerability in the file general/vote/manage/delete.php, allowing for SQL injection via manipulation of the DELETE_STR argument (VDB-248245).

Product: Tongda2000 Tongda Office Anywhere

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-6885

NVD References: 

- https://github.com/Martinzb/cve/blob/main/sql.md

- https://vuldb.com/?ctiid.248245

- https://vuldb.com/?id.248245



CVE-2023-6898 - SourceCodester Best Courier Management System 1.0 is affected by a critical SQL injection vulnerability via the id parameter in manage_user.php (VDB-248256).

Product: Mayuri K Best Courier Management System

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-6898

NVD References: 

- https://github.com/Glunko/gaatitrack-courier-management-system_vulnerability/blob/main/sql_injection.md

- https://vuldb.com/?ctiid.248256

- https://vuldb.com/?id.248256



CVE-2023-6906 - The Totolink A7100RU 7.4cu.2313_B20191024 is vulnerable to a critical buffer overflow through the manipulation of the flag argument in the main function, allowing for remote attack.

Product: Totolink A7100RU

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-6906

NVD References: 

- https://github.com/unpWn4bL3/iot-security/blob/main/1.md

- https://vuldb.com/?ctiid.248268

- https://vuldb.com/?id.248268



CVE-2023-6483 - ADiTaaS version 5.1 allows an unauthenticated remote attacker to gain full access to customer data by exploiting an improper authentication vulnerability in the backend API.

Product: Allied Digital ADiTaaS

CVSS Score: 9.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-6483

NVD References: https://cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2023-0365



CVE-2023-32725 - URL Widget in the website allows unauthorized access to frontend through session cookie manipulation.

Product: Zabbix 

CVSS Score: 9.6

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-32725

NVD References: https://support.zabbix.com/browse/ZBX-23854



CVE-2023-48738 - Porto Theme - Functionality is vulnerable to SQL Injection before version 2.12.1.

Product: Porto Theme - Functionality

CVSS Score: 9.3

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-48738

NVD References: https://patchstack.com/database/vulnerability/porto-functionality/wordpress-porto-theme-functionality-plugin-2-11-1-unauthenticated-sql-injection-vulnerability?_s_id=cve



CVE-2023-49750 - Couponis - Affiliate & Submitting Coupons WordPress Theme before version 2.2 is vulnerable to SQL Injection due to improper neutralization of special elements in SQL commands.

Product: Spoonthemes Couponis

CVSS Score: 9.3

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-49750

NVD References: https://patchstack.com/database/vulnerability/couponis/wordpress-couponis-affiliate-submitting-coupons-wordpress-theme-theme-3-1-7-sql-injection-vulnerability?_s_id=cve



CVE-2023-6928 - EuroTel ETL3100 versions v01c01 and v01x37 allow unlimited attempts to guess administrative credentials in remote password attacks, enabling full system control.

Product: EuroTel ETL3100

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-6928

NVD References: https://www.cisa.gov/news-events/ics-advisories/icsa-23-353-05



CVE-2023-6930 - EuroTel ETL3100 versions v01c01 and v01x37 allow unauthenticated users to download configuration and log files, leading to disclosure of sensitive information and potential authentication bypass, privilege escalation, and full system access.

Product: EuroTel ETL3100

CVSS Score: 9.4

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-6930

NVD References: https://www.cisa.gov/news-events/ics-advisories/icsa-23-353-05



CVE-2023-50707 - The vulnerable product can be exploited to send custom requests that lead to a denial-of-service condition through active user sessions.

Product: N/A 

CVSS Score: 9.6

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-50707

NVD References: https://www.cisa.gov/news-events/ics-advisories/icsa-23-353-02



CVE-2023-21740 - Windows Media Remote Code Execution Vulnerability

Product: Microsoft Windows 10 1507

CVSS Score: 7.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-21740

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21740



CVE-2023-35621 - Microsoft Dynamics 365 Finance and Operations Denial of Service Vulnerability

Product: Microsoft Dynamics 365

CVSS Score: 7.5

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-35621

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35621



CVE-2023-35622 - Windows DNS Spoofing Vulnerability

Product: Microsoft Windows Server 2008

CVSS Score: 7.5

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-35622

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35622



CVE-2023-35624 - Azure Connected Machine Agent Elevation of Privilege Vulnerability

Product: Microsoft Azure Connected Machine Agent

CVSS Score: 7.3

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-35624

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35624



CVE-2023-35628 - Windows MSHTML Platform Remote Code Execution Vulnerability

Product: Microsoft Windows 10 1507

CVSS Score: 8.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-35628

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35628



CVE-2023-35630 - Internet Connection Sharing (ICS) Remote Code Execution Vulnerability

Product: Microsoft Windows 10 1507

CVSS Score: 8.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-35630

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35630



CVE-2023-35631 - Win32k Elevation of Privilege Vulnerability

Product: Microsoft Windows 11 21H2

CVSS Score: 7.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-35631

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35631



CVE-2023-35632 - Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability

Product: Microsoft Windows 10 1507

CVSS Score: 7.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-35632

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35632



CVE-2023-35633 - Windows Kernel Elevation of Privilege Vulnerability

Product: Microsoft Windows 10 1507

CVSS Score: 7.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-35633

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35633



CVE-2023-35634 - Windows Bluetooth Driver Remote Code Execution Vulnerability

Product: Microsoft Windows 11 21H2

CVSS Score: 8.0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-35634

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35634



CVE-2023-35638 - DHCP Server Service Denial of Service Vulnerability

Product: Microsoft Windows Server 2012

CVSS Score: 7.5

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-35638

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35638



CVE-2023-35639 - Microsoft ODBC Driver Remote Code Execution Vulnerability

Product: Microsoft Windows 10 1507

CVSS Score: 8.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-35639

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35639



CVE-2023-35641 - Internet Connection Sharing (ICS) Remote Code Execution Vulnerability

Product: Microsoft Windows 10 1507

CVSS Score: 8.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-35641

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35641

 


CVE-2023-35643 - DHCP Server Service Information Disclosure Vulnerability

Product: Microsoft Windows Server 2012

CVSS Score: 7.5

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-35643

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35643



CVE-2023-35644 - Windows Sysmain Service Elevation of Privilege

Product: Microsoft Windows 10 1809

CVSS Score: 7.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-35644

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35644



CVE-2023-36004 - Windows DPAPI (Data Protection Application Programming Interface) Spoofing Vulnerability

Product: Microsoft Windows 10 1507

CVSS Score: 7.5

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-36004

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36004



CVE-2023-36005 - Windows Telephony Server Elevation of Privilege Vulnerability

Product: Microsoft Windows 10 1507

CVSS Score: 7.5

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-36005

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36005



CVE-2023-36006 - Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability

Product: Microsoft Windows 10 1507

CVSS Score: 8.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-36006

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36006



CVE-2023-36010 - Microsoft Defender Denial of Service Vulnerability

Product: Microsoft Malware Protection Platform

CVSS Score: 7.5

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-36010

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36010



CVE-2023-36011 - Win32k Elevation of Privilege Vulnerability

Product: Microsoft Windows 10 1507

CVSS Score: 7.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-36011

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36011



CVE-2023-36020 - Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability

Product: Microsoft Dynamics 365

CVSS Score: 7.6

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-36020

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36020



CVE-2023-36391 - Local Security Authority Subsystem Service Elevation of Privilege Vulnerability

Product: Microsoft Windows 11 23H2

CVSS Score: 7.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-36391

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36391

 


CVE-2023-36696 - Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability

Product: Microsoft Windows 10 1809

CVSS Score: 7.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-36696

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36696



CVE-2023-50164 - Struts is vulnerable to file upload parameter manipulation leading to Remote Code Execution, and users should upgrade to Struts 2.5.33 or Struts 6.3.0.2 or newer versions for a fix.

Product: Struts

CVSS Score: 0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-50164

ISC Podcast: https://isc.sans.edu/podcastdetail.html?podcastid=8776