SEC595: Applied Data Science and AI/Machine Learning for Cybersecurity Professionals
SEC595Cyber Defense
SANS Community Benefits
Connect, learn, and share with other cybersecurity professionals
VOLUME 24ISSUE 03
The Consensus Security Vulnerability Alert
Internet Storm Center Spotlight
ISC provides a free analysis and warning service to thousands of Internet users and organizations, and is actively working with Internet Service Providers to fight back against the most malicious attackers. https://isc.sans.edu/about.html
Scans for Ivanti Connect "Secure" VPN Vulnerability (CVE-2023-46805, CVE-2024-21887)
Published: 2024-01-16
Last Updated: 2024-01-16 12:53:48 UTC
by Johannes Ullrich (Version: 1)
Last week, Volexity published a blog describing two vulnerabilities in Ivanti's Connect "Secure" VPN. These vulnerabilities have been exploited in limited, targeted attacks. At this point, Ivanti released a configuration workaround but no patch for this vulnerability. The configuration can be applied in the form of an encrypted XML file.
Watchtowr, a company in the vulnerability scanning business, investigated the configuration change created by Ivanti and shared how it detects if an Ivanti instance had the configuration change applied. After the change is applied, requests to a specific REST API URL (/api/v1/configuration/users/user-roles/user-role/rest-userrole1/web/web-bookmarks/bookmark) will include a complete HTML body. Before the patch is applied, only headers are received from the device.
Starting on Sunday, our honeypots detected the first scans for this URL. This is likely due to attackers building target lists while working on the exploit. Neither Volexity nor Watchtowr have released exploits for the vulnerability. Ivanti delivers the Connect "Secure" VPN as a virtual appliance with an obfuscated disk image. Still, the obfuscation is easily bypassed, and exploits are likely available to a wider and wider group of attackers. Ransomware attackers are likely already taking advantage of the vulnerability.
Read the full entry:
One File, Two Payloads
Published: 2024-01-12
Last Updated: 2024-01-12 06:12:18 UTC
by Xavier Mertens (Version: 1)
It has been a while since I discussed obfuscation techniques in malicious scripts. I found a VB script that pretends to be a PDF file. As usual, it was delivered through a phishing email with a zip archive. The filename is ...
The script starts with a strange trick: It lists the available Windows services, builds a string containing all the services names, and searches for the substring “Microsoft” across them.
Read the full entry: https://isc.sans.edu/diary/One+File+Two+Payloads/30558/
New YouTube Video Series: Hacker Tools Origin Stories
Published: 2024-01-11
Last Updated: 2024-01-11 12:40:31 UTC
by Johannes Ullrich (Version: 1)
I remembered that I should have mentioned this in today's podcast, so here it goes as a quick post. The amazing Mark Baggett stepped away from his Python console and started a new series of YouTube videos about the origin stories of various hacker tools. The first one he covers is Security Onion. These videos interview the creators of the tools to learn more about why and how they were created.
Read the full entry: https://isc.sans.edu/diary/New+YouTube+Video+Series+Hacker+Tools+Origin+Stories/30554/
Internet Storm Center Entries
Number Usage in Passwords (2024.01.17)
https://isc.sans.edu/diary/Number+Usage+in+Passwords/30540/
Microsoft January 2024 Patch Tuesday (2024.01.10)
https://isc.sans.edu/diary/Microsoft+January+2024+Patch+Tuesday/30548
Recent CVEs
The list is assembled by pulling recent vulnerabilities from NIST NVD, Microsoft, Twitter mentions of vulnerabilities, ISC Diaries and Podcast, and the CISA list of known exploited vulnerabilities. There are also some unscored, but significant, vulnerabilities at the end. This includes vulnerabilities that have not been added to the NVD yet.
CVE-2024-21887 - Ivanti Connect Secure and Ivanti Policy Secure (9.x, 22.x) suffer from a command injection vulnerability, enabling authenticated administrators to execute arbitrary commands on the appliance through specially crafted requests.
CVE-2023-46805 - Authentication-Bypass-
CVE-2023-46805-Authentication-Bypass-
CVE-2024-21887 - Command-Injection-for-Ivanti-Connect-Secure-and-Ivanti-Policy-Secure-Gateways?language=en_US
CVE-2023-46805 - Ivanti ICS 9.x, 22.x and Ivanti Policy Secure web component allows remote attackers to access restricted resources by bypassing control checks.
CVE-2023-46805 - Authentication-Bypass-
CVE-2023-46805-Authentication-Bypass-
CVE-2024-21887 - Command-Injection-for-Ivanti-Connect-Secure-and-Ivanti-Policy-Secure-Gateways?language=en_US
CVE-2024-0252 - ManageEngine ADSelfService Plus versions 6401 and below allow remote code execution due to improper handling in the load balancer component.
CVE-2023-7028 - GitLab CE/EE versions from 16.1 to 16.7.2 allow user account password reset emails to be delivered to unverified email addresses.
CVE-2024-0057 - NET, .NET Framework, and Visual Studio Security Feature Bypass Vulnerability
CVE-2023-50916 - Kyocera Device Manager before 3.1.1213.0 allows NTLM credential exposure during UNC path authentication via a crafted change from a local path to a UNC path.
Product: Kyocera Device ManagerCVSS Score: 0NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-50916ISC Podcast: https://isc.sans.edu/podcastdetail.html?podcastid=8804NVD References: - https://www.kyoceradocumentsolutions.us/en/about-us/pr-and-award-certifications/press/kyocera-device-manager-cve-2023-50196-vulnerability-solution-update.html- https://www.trustwave.com/en-us/resources/security-resources/security-advisories/- https://www.trustwave.com/hubfs/Web/Library/Advisories_txt/TWSL2024-001_kyocera-v2.txtCVE-2024-0519 - Chromium: CVE-2024-0519 Out of bounds memory access in V8Product: Google ChromeCVSS Score: 0** KEV since 2024-01-17 **NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-0519MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-0519NVD References: - https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_16.html- https://crbug.com/1517354CVE-2023-6548 - Authenticated Remote Code Execution in Citrix Netscaler ADC Version 12.1 and laterProduct - Citrix Netscaler ADC Version 12.1 and laterCVSS Score: 5.5** KEV since 2024-01-17 **NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-6548NVD References: https://support.citrix.com/article/CTX584986/netscaler-adc-and-netscaler-gateway-security-bulletin-for-cve20236548-and-cve20236549CVE-2023-6549 - Denial of Service Vulnerability in Citrix Netscaler ADC Version 12.1 and laterProduct - Citrix Netscaler ADC Version 12.1 and laterCVSS Score: 8.2** KEV since 2024-01-17 **NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-6549NVD References: https://support.citrix.com/article/CTX584986/netscaler-adc-and-netscaler-gateway-security-bulletin-for-cve20236548-and-cve20236549CVE-2023-29357 - Microsoft SharePoint Server contains an unspecified vulnerability that allows an unauthenticated attacker, who has gained access to spoofed JWT authentication tokens, to use them for executing a network attack. This attack bypasses authentication, enabling the attacker to gain administrator privileges.Product: Microsoft SharePoint ServerCVSS Score: 9.8** KEV since 2024-01-10 **NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-29357MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29357CVE-2024-21318 - Microsoft SharePoint Server Remote Code Execution VulnerabilityProduct: Microsoft Sharepoint ServerCVSS Score: 8.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-21318MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21318CVE-2023-50643 - Evernote for MacOS v.10.68.2 allows remote code execution via certain components.Product: Evernote CVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-50643NVD References: - http://evernote.com- https://github.com/V3x0r/CVE-2023-50643CVE-2024-21646 - Azure uAMQP, a general purpose C library for AMQP 1.0, is vulnerable to remote code execution due to an integer overflow or wraparound or memory safety issue when receiving crafted binary type data, but has been patched in release 2024-01-01.Product: Microsoft Azure uAMQPCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-21646NVD References: - https://github.com/Azure/azure-uamqp-c/commit/12ddb3a31a5a97f55b06fa5d74c59a1d84ad78fe- https://github.com/Azure/azure-uamqp-c/security/advisories/GHSA-j29m-p99g-7hpvCVE-2023-26999 - NetScout nGeniusOne v.6.3.4 allows remote code execution and denial of service through a crafted file.Product: Netscout nGeniusOneCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-26999NVD References: - http://netscout.com- http://ngeniusone.com- https://piotrryciak.com/posts/netscout-multiple-vulnerabilities/CVE-2023-49238 - Gradle Enterprise before 2023.1 allows remote attackers to gain access to a new installation due to a non-unique initial system user password, potentially enabling unauthorized login before the legitimate administrator logs in.Product: Gradle EnterpriseCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-49238NVD References: - https://security.gradle.com- https://security.gradle.com/advisory/2023-01CVE-2023-51717 - Dataiku DSS before 11.4.5 and 12.4.1 has Incorrect Access Control that could lead to a full authentication bypass.Product: Dataiku Data Science StudioCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-51717NVD References: - https://dataiku.com- https://doc.dataiku.com/dss/latest/security/advisories/dsa-2023-010.htmlCVE-2024-21737 - The SAP Application Interface Framework File Adapter - version 702 allows a high privilege user to execute OS commands, potentially compromising the application's confidentiality, integrity, and availability.Product: SAP Application Interface FrameworkCVSS Score: 9.1NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-21737NVD References: - https://me.sap.com/notes/3411869- https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.htmlCVE-2023-49235 - TRENDnet TV-IP1314PI 5.5.3 200714 devices are vulnerable to bypassing validation and executing a shell command due to mishan…
CVE-2024-0519 - Chromium:
CVE-2024-0519 Out of bounds memory access in V8Product: Google ChromeCVSS Score: 0** KEV since 2024-01-17 **NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-0519MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-0519NVD References: - https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_16.html- https://crbug.com/1517354CVE-2023-6548 - Authenticated Remote Code Execution in Citrix Netscaler ADC Version 12.1 and laterProduct - Citrix Netscaler ADC Version 12.1 and laterCVSS Score: 5.5** KEV since 2024-01-17 **NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-6548NVD References: https://support.citrix.com/article/CTX584986/netscaler-adc-and-netscaler-gateway-security-bulletin-for-cve20236548-and-cve20236549CVE-2023-6549 - Denial of Service Vulnerability in Citrix Netscaler ADC Version 12.1 and laterProduct - Citrix Netscaler ADC Version 12.1 and laterCVSS Score: 8.2** KEV since 2024-01-17 **NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-6549NVD References: https://support.citrix.com/article/CTX584986/netscaler-adc-and-netscaler-gateway-security-bulletin-for-cve20236548-and-cve20236549CVE-2023-29357 - Microsoft SharePoint Server contains an unspecified vulnerability that allows an unauthenticated attacker, who has gained access to spoofed JWT authentication tokens, to use them for executing a network attack. This attack bypasses authentication, enabling the attacker to gain administrator privileges.Product: Microsoft SharePoint ServerCVSS Score: 9.8** KEV since 2024-01-10 **NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-29357MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29357CVE-2024-21318 - Microsoft SharePoint Server Remote Code Execution VulnerabilityProduct: Microsoft Sharepoint ServerCVSS Score: 8.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-21318MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21318CVE-2023-50643 - Evernote for MacOS v.10.68.2 allows remote code execution via certain components.Product: Evernote CVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-50643NVD References: - http://evernote.com- https://github.com/V3x0r/CVE-2023-50643CVE-2024-21646 - Azure uAMQP, a general purpose C library for AMQP 1.0, is vulnerable to remote code execution due to an integer overflow or wraparound or memory safety issue when receiving crafted binary type data, but has been patched in release 2024-01-01.Product: Microsoft Azure uAMQPCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-21646NVD References: - https://github.com/Azure/azure-uamqp-c/commit/12ddb3a31a5a97f55b06fa5d74c59a1d84ad78fe- https://github.com/Azure/azure-uamqp-c/security/advisories/GHSA-j29m-p99g-7hpvCVE-2023-26999 - NetScout nGeniusOne v.6.3.4 allows remote code execution and denial of service through a crafted file.Product: Netscout nGeniusOneCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-26999NVD References: - http://netscout.com- http://ngeniusone.com- https://piotrryciak.com/posts/netscout-multiple-vulnerabilities/CVE-2023-49238 - Gradle Enterprise before 2023.1 allows remote attackers to gain access to a new installation due to a non-unique initial system user password, potentially enabling unauthorized login before the legitimate administrator logs in.Product: Gradle EnterpriseCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-49238NVD References: - https://security.gradle.com- https://security.gradle.com/advisory/2023-01CVE-2023-51717 - Dataiku DSS before 11.4.5 and 12.4.1 has Incorrect Access Control that could lead to a full authentication bypass.Product: Dataiku Data Science StudioCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-51717NVD References: - https://dataiku.com- https://doc.dataiku.com/dss/latest/security/advisories/dsa-2023-010.htmlCVE-2024-21737 - The SAP Application Interface Framework File Adapter - version 702 allows a high privilege user to execute OS commands, potentially compromising the application's confidentiality, integrity, and availability.Product: SAP Application Interface FrameworkCVSS Score: 9.1NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-21737NVD References: - https://me.sap.com/notes/3411869- https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.htmlCVE-2023-49235 - TRENDnet TV-IP1314PI 5.5.3 200714 devices are vulnerable to bypassing validation and executing a shell command due to mishandling of debug information filtering in libremote_dbg.so.Product: TRENDnet TV-IP1314PICVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-49235NVD References: - https://drive.google.com/file/d/1lTloBkH_7zAz1ZbFVSZnfpoPd81aPaHx/view?usp=sharing- https://github.com/pcsle37/TRENDnet/blob/main/TRENDnet_vul.pdfCVE-2023-49236 - TRENDnet TV-IP1314PI 5.5.3 200714 devices are susceptible to a stack-based buffer overflow, allowing arbitrary command execution due to insufficient length validation during an sscanf operation of a use…
CVE-2023-29357 - Microsoft SharePoint Server contains an unspecified vulnerability that allows an unauthenticated attacker, who has gained access to spoofed JWT authentication tokens, to use them for executing a network attack. This attack bypasses authentication, enabling the attacker to gain administrator privileges.
CVE-2024-21318 - Microsoft SharePoint Server Remote Code Execution Vulnerability
CVE-2023-50643 - Evernote for MacOS v.10.68.2 allows remote code execution via certain components.
CVE-2024-21646 - Azure uAMQP, a general purpose C library for AMQP 1.0, is vulnerable to remote code execution due to an integer overflow or wraparound or memory safety issue when receiving crafted binary type data, but has been patched in release 2024-01-01.
CVE-2023-26999 - NetScout nGeniusOne v.6.3.4 allows remote code execution and denial of service through a crafted file.
CVE-2023-49238 - Gradle Enterprise before 2023.1 allows remote attackers to gain access to a new installation due to a non-unique initial system user password, potentially enabling unauthorized login before the legitimate administrator logs in.
CVE-2023-51717 - Dataiku DSS before 11.4.5 and 12.4.1 has Incorrect Access Control that could lead to a full authentication bypass.
CVE-2024-21737 - The SAP Application Interface Framework File Adapter - version 702 allows a high privilege user to execute OS commands, potentially compromising the application's confidentiality, integrity, and availability.
CVE-2023-49235 - TRENDnet TV-IP1314PI 5.5.3 200714 devices are vulnerable to bypassing validation and executing a shell command due to mishandling of debug information filtering in libremote_dbg.so.
CVE-2023-49236 - TRENDnet TV-IP1314PI 5.5.3 200714 devices are susceptible to a stack-based buffer overflow, allowing arbitrary command execution due to insufficient length validation during an sscanf operation of a user-supplied scale field in the RTSP playback function of davinci.
CVE-2023-49237 - TRENDnet TV-IP1314PI 5.5.3 200714 devices are vulnerable to command injection due to inadequate URL string filtering during language pack unpacking.
CVE-2023-49251 - SIMATIC CN 4100 (All versions < V2.7) allows remote attackers to gain root access by adding their own login credentials after device setup.
CVE-2023-49621 - SIMATIC CN 4100 (All versions < V2.7) uses default admin credentials, allowing an attacker to gain complete control of the device.
CVE-2023-51438 - SIMATIC IPC1047E, SIMATIC IPC647E, SIMATIC IPC847E are vulnerable to unauthorized access through the Redfish server in default installations of maxView Storage Manager.
CVE-2023-5347 - Korenix JetNet Series devices are vulnerable to improper verification of cryptographic signature, allowing the replacement of the entire operating system, including Trusted Executables.
CVE-2023-5376 - Korenix JetNet TFTP allows abuse of this service due to an Improper Authentication vulnerability.
CVE-2023-7219 - Totolink N350RT 9.3.5u.6139_B202012 is vulnerable to a critical stack-based buffer overflow via the loginAuth function in the /cgi-bin/cstecgi.cgi file, allowing remote attackers to launch attacks by manipulating the http_host argument, as indicated by vulnerability identifier VDB-249853.
CVE-2023-7220 - Totolink NR1800X 9.1.0u.6279_B20210910 is vulnerable to a critical stack-based buffer overflow in the loginAuth function of the file /cgi-bin/cstecgi.cgi, allowing for remote attacks via manipulation of the password argument, with the exploit publicly disclosed as VDB-249854.
CVE-2023-7221 - Totolink T6 4.1.9cu.5241_B20210923 is vulnerable to a critical buffer overflow in the component HTTP POST Request Handler's function main due to the manipulation of the argument v41, allowing remote attackers to initiate attacks; exploit details have been publicly disclosed under the identifier VDB-249855 with no response from the vendor.
CVE-2023-7222 - Totolink X2000R 1.0.0-B20221212.1452 allows remote attackers to trigger a buffer overflow via a manipulated submit-url argument, as demonstrated by VDB-249856.
CVE-2024-0342 - Inis up to 2.0.1 is vulnerable to SQL injection via the argument sql in /app/api/controller/default/Sqlite.php (VDB-250110).
CVE-2024-0344 - Soxft TimeMail up to 1.1 is vulnerable to SQL injection via the manipulation of the argument c in the file check.php, allowing for unauthorized database access.
CVE-2024-0352 - Likeshop up to 2.5.7.20210311 allows unrestricted remote upload via a critical vulnerability in the FileServer::userFormImage function of HTTP POST Request Handler's File.php.
CVE-2024-0355 - PHPGurukul Dairy Farm Shop Management System up to 1.1 allows sql injection via the category argument in add-category.php (VDB-250122).
CVE-2024-0357 - Coderd-repos Eva 1.0.0 is vulnerable to a critical SQL injection allowing remote attackers to manipulate the argument property of the HTTP POST Request Handler component's file /system/traceLog/page, as identified by VDB-250124, and the exploit has been publicly disclosed.
CVE-2024-0359 - Simple Online Hotel Reservation System 1.0 is vulnerable to remote SQL injection via manipulation of the username/password argument in the login.php file (
CVE-2023-31446 - Cassia Gateway firmware XC1000_2.1.1.2303082218 and XC2000_2.1.1.2303090947 allows for Bash code injection and execution with root privileges on device startup through the unsanitized queueUrl parameter in /bypass/config.
Product: Cassia Networks XC1000CVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-31446NVD References: - https://github.com/Dodge-MPTC/CVE-2023-31446-Remote-Code-Execution- https://www.cassianetworks.comCVE-2024-0360 - PHPGurukul Hospital Management System 1.0 is vulnerable to SQL injection via the doctorspecilization argument in admin/edit-doctor-specialization.php, potentially exploited due to the public disclosure of the exploit (VDB-250127).Product: PHPGurukul Hospital Management SystemCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-0360NVD References: - https://github.com/laoquanshi/PHPGurukul-Hospital-Management-System/blob/main/PHPGurukul%20Hospital%20Management%20System%20SQL4.docx- https://vuldb.com/?ctiid.250127- https://vuldb.com/?id.250127CVE-2024-0361 - PHPGurukul Hospital Management System 1.0 allows SQL injection via the mobnum argument in admin/contact.php, potentially causing critical damage, as identified by VDB-250128.Product: PHPGurukul Hospital Management SystemCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-0361NVD References: - https://github.com/laoquanshi/PHPGurukul-Hospital-Management-System/blob/main/PHPGurukul%20Hospital%20Management%20System%20SQL7.docx- https://vuldb.com/?ctiid.250128- https://vuldb.com/?id.250128CVE-2024-0362 - PHPGurukul Hospital Management System 1.0 is vulnerable to SQL injection in the admin/change-password.php file due to the manipulation of the cpass argument, allowing for potential exploitation.Product: PHPGurukul Hospital Management SystemCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-0362NVD References: - https://github.com/laoquanshi/PHPGurukul-Hospital-Management-System/blob/main/PHPGurukul%20Hospital%20Management%20System%20SQL8.docx- https://vuldb.com/?ctiid.250129- https://vuldb.com/?id.250129CVE-2024-0363 - PHPGurukul Hospital Management System 1.0 is vulnerable to SQL injection in the file admin/patient-search.php through the manipulation of the searchdata argument (CVE-ID: VDB-250130).Product: PHPGurukul Hospital Management SystemCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-0363NVD References: - https://github.com/laoquanshi/PHPGurukul-Hospital-Management-System/blob/main/PHPGurukul%20Hospital%20Management%20System%20SQL10.docx- https://vuldb.com/?ctiid.250130- https://vuldb.com/?id.250130CVE-2024-0364 - PHPGurukul Hospital Management System 1.0 is susceptible to a critical SQL injection vulnerability via the adminremark parameter in admin/query-details.php, allowing public disclosure and potential exploitation, identified as VDB-250131.Product: PHPGurukul Hospital Management SystemCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-0364NVD References: - https://github.com/laoquanshi/PHPGurukul-Hospital-Management-System/blob/main/PHPGurukul%20Hospital%20Management%20System%20SQL11.docx- https://vuldb.com/?ctiid.250131- https://vuldb.com/?id.250131CVE-2020-26629 - Hospital Management System V4.0 allows unauthenticated attackers to upload any file to the server due to a JQuery Unrestricted Arbitrary File Upload vulnerability.Product: PHPGurukul Hospital Management SystemCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2020-26629NVD References: https://packetstormsecurity.com/files/176302/Hospital-Management-System-4.0-XSS-Shell-Upload-SQL-Injection.htmlCVE-2023-50585 - Tenda A18 v15.13.07.09 was discovered to contain a stack overflow via the devName parameter in the formSetDeviceName function.Product: Tenda A18CVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-50585NVD References: https://github.com/LaPhilosophie/IoT-vulnerable/blob/main/Tenda/A18/formSetDeviceName.mdCVE-2022-46025 - Totolink N200RE_V5 V9.3.5u.6255_B20211224 allows remote attackers to obtain Wi-Fi system information without authentication.Product: Totolink N200RE V5CVSS Score: 9.1NVD: https://nvd.nist.gov/vuln/detail/CVE-2022-46025NVD References: https://pastebin.com/aan5jT40CVE-2023-48245, CVE-2023-48250, CVE-2023-48251, CVE-2023-48262 through CVE-2023-48266 - Multiple vulnerabilities in Bosch Nexo cordless nutrunnerProduct: Bosch NEXO-OSCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-48245NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-48250NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-48251NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-48262NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-48263NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-48264NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-48265NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-48266NVD References: https://psirt.bosch.com/security-advisories/BOSCH-SA-711465.htmlCVE-2023-51952 through CVE-2023-51972 - Tenda AX1803 v1.0.0.1 contains multiple vulnerabilitiesProduct: Tenda AX1803CVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-51952NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-51953NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-51954NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-51955NVD: ht…
CVE-2024-0360 - PHPGurukul Hospital Management System 1.0 is vulnerable to SQL injection via the doctorspecilization argument in admin/edit-doctor-specialization.php, potentially exploited due to the public disclosure of the exploit (VDB-250127).
CVE-2024-0361 - PHPGurukul Hospital Management System 1.0 allows SQL injection via the mobnum argument in admin/contact.php, potentially causing critical damage, as identified by VDB-250128.
CVE-2024-0362 - PHPGurukul Hospital Management System 1.0 is vulnerable to SQL injection in the admin/change-password.php file due to the manipulation of the cpass argument, allowing for potential exploitation.
CVE-2024-0363 - PHPGurukul Hospital Management System 1.0 is vulnerable to SQL injection in the file admin/patient-search.php through the manipulation of the searchdata argument (CVE-ID: VDB-250130).
CVE-2024-0364 - PHPGurukul Hospital Management System 1.0 is susceptible to a critical SQL injection vulnerability via the adminremark parameter in admin/query-details.php, allowing public disclosure and potential exploitation, identified as VDB-250131.
CVE-2020-26629 - Hospital Management System V4.0 allows unauthenticated attackers to upload any file to the server due to a JQuery Unrestricted Arbitrary File Upload vulnerability.
CVE-2023-50585 - Tenda A18 v15.13.07.09 was discovered to contain a stack overflow via the devName parameter in the formSetDeviceName function.
CVE-2022-46025 - Totolink N200RE_V5 V9.3.5u.6255_B20211224 allows remote attackers to obtain Wi-Fi system information without authentication.
CVE-2023-48245, CVE-2023-48250, CVE-2023-48251, CVE-2023-48262 through CVE-2023-48266 - Multiple vulnerabilities in Bosch Nexo cordless nutrunner
CVE-2023-51952 through CVE-2023-51972 - Tenda AX1803 v1.0.0.1 contains multiple vulnerabilities
CVE-2024-0389 - SourceCodester Student Attendance System 1.0 is susceptible to SQL injection via manipulation of the argument "class_id" in the file attendance_report.php (CVE-ID: VDB-250230).
CVE-2023-41056 - Redis in-memory database mishandles resizing of memory buffers, allowing for integer overflow and subsequent heap overflow, enabling potential remote code execution; fixed in versions 7.0.15 and 7.2.4.
CVE-2023-47862 - WWBN AVideo dev master commit 15fed957fb is vulnerable to a local file inclusion flaw that allows arbitrary code execution via specially crafted HTTP requests.
CVE-2023-49599 - WWBN AVideo dev master commit 15fed957fb is vulnerable to insufficient entropy in salt generation, enabling an attacker to escalate privileges by gathering system information, and forging a legitimate admin user's password recovery code through offline bruteforce of the salt.
CVE-2023-51126 - FLIR AX8 up to 1.46.16 is vulnerable to command injection, enabling attackers to execute arbitrary commands through the value parameter in /usr/www/res.php.
CVE-2023-52064 - Wuzhicms v4.1.0 was discovered to contain a SQL injection vulnerability via the $keywords parameter at /core/admin/copyfrom.php.
CVE-2023-51123 - D-Link Dir815 v.1.01SSb08.bin allows remote code execution via a crafted POST request.
CVE-2024-21638 - Azure IPAM lacked authentication token validation allowing attackers to impersonate privileged users and access sensitive data, leading to an elevation of privilege.
CVE-2024-21669 - The Hyperledger Aries Cloud Agent Python (ACA-Py) fails to factor in the result of verifying the presentation proof, allowing holders of W3C Format Verifiable Credentials using JSON-LD with Linked Data Proofs (LDPs) to present falsely constructed proofs and enabling malicious verifiers to save and replay presentations as their own.
CVE-2023-52027 - TOTOlink A3700R v9.1.2u.5822_B20200513 was discovered to contain a remote command execution (RCE) vulnerability via the NTPSyncWithHost function.
CVE-2023-52028 - TOTOlink A3700R v9.1.2u.5822_B20200513 was discovered to contain a remote command execution (RCE) vulnerability via the setTracerouteCfg function.
CVE-2023-52029 - TOTOlink A3700R v9.1.2u.5822_B20200513 was discovered to contain a remote command execution (RCE) vulnerability via the setDiagnosisCfg function.
CVE-2023-52030 - TOTOlink A3700R v9.1.2u.5822_B20200513 was discovered to contain a remote command execution (RCE) vulnerability via the setOpModeCfg function.
CVE-2023-52031 - TOTOlink A3700R v9.1.2u.5822_B20200513 was discovered to contain a remote command execution (RCE) vulnerability via the UploadFirmwareFile function.
CVE-2023-52032 - TOTOlink EX1200T V4.1.2cu.5232_B20210713 was discovered to contain a remote command execution (RCE) vulnerability via the "main" function.
CVE-2023-6220 - The Piotnet Forms plugin for WordPress allows unauthenticated attackers to perform arbitrary file uploads and potentially achieve remote code execution.
CVE-2023-6316 - The MW WP Form plugin for WordPress allows unauthenticated attackers to upload arbitrary files, leading to potential remote code execution.
CVE-2023-6634 - The LearnPress plugin for WordPress allows remote code execution due to a command injection vulnerability in versions up to and including 4.2.5.7.
CVE-2023-6875 - The POST SMTP Mailer – Email log, Delivery Failure Notifications and Best Mail SMTP for WordPress plugin for WordPress is vulnerable to unauthorized data access and modification through a type juggling issue, potentially leading to site takeover.
CVE-2023-6979 - The Customer Reviews for WooCommerce plugin for WordPress allows authenticated attackers with author-level access and above to upload arbitrary files, potentially enabling remote code execution.
CVE-2024-22199 - The Fiber web framework's package for multiple template engines allows the execution of malicious scripts in users' browsers through user-supplied data, but this has been addressed by setting autoescape to `true` by default.
CVE-2024-21591 - Juniper Networks Junos OS on SRX Series and EX Series is vulnerable to an Out-of-bounds Write allowing remote attackers to cause a DoS or RCE with root privileges through arbitrary memory overwriting.
CVE-2023-49569 - go-git versions prior to v5.11 are vulnerable to a path traversal vulnerability that allows an attacker to create and amend files across the filesystem, potentially leading to remote code execution.
CVE-2023-31024 - NVIDIA DGX A100 BMC is susceptible to a stack memory corruption vulnerability in the host KVM daemon, allowing an unauthenticated attacker to execute arbitrary code, cause denial of service, disclose information, or tamper with data through a specially crafted network packet.
CVE-2023-31029 - The NVIDIA DGX A100 baseboard management controller (BMC) is vulnerable to a stack overflow caused by a specially crafted network packet, allowing unauthenticated attackers to potentially execute arbitrary code, cause denial of service, disclose information, and tamper with data.
CVE-2023-31030 - NVIDIA DGX A100 BMC is vulnerable to a stack overflow in the host KVM daemon, allowing unauthenticated attackers to achieve arbitrary code execution, denial of service, information disclosure, and data tampering.
CVE-2024-22206 - Clerk allows unauthorized access or privilege escalation through a logic flaw in auth() or getAuth() functions, fixed in v4.29.3.
CVE-2023-51698 - Atril, a simple multi-page document viewer, is vulnerable to a critical Command Injection Vulnerability, granting immediate access to the target system through a crafted document or link, which can be mitigated by applying the patch at commit ce41df6.
CVE-2024-0468 - Fighting Cock Information System 1.0 is susceptible to a critical unrestricted upload vulnerability in the /admin/action/new-father.php file, allowing attackers to remotely launch an exploit via manipulation of the image argument, as identified by VDB-250573.
CVE-2024-0469 - Human Resource Integrated System 1.0 is vulnerable to a critical SQL injection in the update_personal_info.php file, allowing remote malicious actors to exploit the 'sex' argument and has been publicly disclosed as VDB-250574.
CVE-2024-0470 - The Human Resource Integrated System 1.0 is vulnerable to remote SQL injection through manipulation of the argument id in /admin_route/inc_service_credits.php.
CVE-2024-0471 - Human Resource Integrated System 1.0 is vulnerable to remote SQL injection via the date argument in the dec_service_credits.php file (VDB-250576).
CVE-2024-0552 - Intumit Inc. SmartRobot's web framework allows for unauthorized remote code execution, enabling arbitrary command execution on the remote server.
CVE-2023-34063 - Aria Automation's Missing Access Control vulnerability enables an authenticated malicious actor to gain unauthorized access to remote organizations and workflows.
CVE-2024-22406 - Shopware's 'name' field in the "aggregations" object is vulnerable to SQL injection and can be exploited using time-based SQL queries, requiring users to update to version 6.5.7.4 or install corresponding security measures.
CVE-2021-4434 - The Social Warfare plugin for WordPress up to version 3.5.2 is vulnerable to Remote Code Execution through the 'swp_url' parameter, enabling server code execution by malicious actors.
CVE-2024-0642 - C21 Live Encoder and Live Mosaic product (version 5.3) allows remote attackers to access the application as an administrator user due to inadequate access control and poor credential management.
CVE-2024-0643 - The C21 Live Encoder and Live Mosaic product, version 5.3, allows remote attackers to fully compromise the system through unrestricted uploading of dangerous file types.
CVE-2018-15133 - Laravel Deserialization of Untrusted Data Vulnerability
Product: LaravelCVSS Score: 0** KEV since 2024-01-16 **NVD: https://nvd.nist.gov/vuln/detail/CVE-2018-15133CVE-2024-0056 - Microsoft.Data.SqlClient and System.Data.SqlClient SQL Data Provider Security Feature Bypass VulnerabilityProduct: Microsoft.Data.SqlclientCVSS Score: 8.7NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-0056MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-0056CVE-2024-20652 - Windows HTML Platforms Security Feature Bypass VulnerabilityProduct: Microsoft Windows 10 1507CVSS Score: 7.5NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-20652MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20652CVE-2024-20653 - Microsoft Common Log File System Elevation of Privilege VulnerabilityProduct: Microsoft Windows 10 1507CVSS Score: 7.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-20653MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20653CVE-2024-20654 - Microsoft ODBC Driver Remote Code Execution VulnerabilityProduct: Microsoft Windows 10 1507CVSS Score: 8.0NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-20654MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20654CVE-2024-20656 - Visual Studio Elevation of Privilege VulnerabilityProduct: Microsoft Visual StudioCVSS Score: 7.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-20656MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20656CVE-2024-20657 - Windows Group Policy Elevation of Privilege VulnerabilityProduct: Microsoft Windows 10 1507CVSS Score: 7.0NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-20657MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20657CVE-2024-20658 - Microsoft Virtual Hard Disk Elevation of Privilege VulnerabilityProduct: Microsoft Windows 10 1507CVSS Score: 7.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-20658MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20658CVE-2024-20661 - Microsoft Message Queuing Denial of Service VulnerabilityProduct: Microsoft Windows 10 1507CVSS Score: 7.5NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-20661MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20661CVE-2024-20672 - .NET Denial of Service VulnerabilityProduct: Microsoft .NETCVSS Score: 7.5NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-20672MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20672CVE-2024-20674 - Windows Kerberos Security Feature Bypass VulnerabilityProduct: Microsoft Windows 10 1507CVSS Score: 8.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-20674MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20674CVE-2024-20676 - Azure Storage Mover Remote Code Execution VulnerabilityProduct: Microsoft Azure Storage MoverCVSS Score: 8.0NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-20676MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20676CVE-2024-20677 - Microsoft Office Remote Code Execution VulnerabilityProduct: Microsoft 365 AppsCVSS Score: 7.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-20677MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20677CVE-2024-20681 - Windows Subsystem for Linux Elevation of Privilege VulnerabilityProduct: Microsoft Windows 10 21H2CVSS Score: 7.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-20681MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20681CVE-2024-20682 - Windows Cryptographic Services Remote Code Execution VulnerabilityProduct: Microsoft Windows 10 1507CVSS Score: 7.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-20682MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20682CVE-2024-20683 - Win32k Elevation of Privilege VulnerabilityProduct: Microsoft Windows 10 1507CVSS Score: 7.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-20683MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20683CVE-2024-20686 - Win32k Elevation of Privilege VulnerabilityProduct: Microsoft Windows Server 2022 23H2CVSS Score: 7.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-20686MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20686CVE-2024-20687 - Microsoft AllJoyn API Denial of Service VulnerabilityProduct: Microsoft Windows 10 1507CVSS Score: 7.5NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-20687MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20687CVE-2024-20696 - Windows Libarchive Remote Code Execution VulnerabilityProduct: Microsoft Windows 10 1809CVSS Score: 7.3NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-20696MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20696CVE-2024-20697 - Windows Libarchive Remote Code Execution VulnerabilityProduct: Microsoft Windows 11 22H2CVSS Score: 7.3NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-20697MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20697CVE-2024-2…
CVE-2024-20652 - Windows HTML Platforms Security Feature Bypass Vulnerability
CVE-2024-20653 - Microsoft Common Log File System Elevation of Privilege Vulnerability
CVE-2024-20654 - Microsoft ODBC Driver Remote Code Execution Vulnerability
CVE-2024-20656 - Visual Studio Elevation of Privilege Vulnerability
CVE-2024-20657 - Windows Group Policy Elevation of Privilege Vulnerability
CVE-2024-20658 - Microsoft Virtual Hard Disk Elevation of Privilege Vulnerability
CVE-2024-20661 - Microsoft Message Queuing Denial of Service Vulnerability
CVE-2024-20672 - .NET Denial of Service Vulnerability
CVE-2024-20674 - Windows Kerberos Security Feature Bypass Vulnerability
CVE-2024-20676 - Azure Storage Mover Remote Code Execution Vulnerability
CVE-2024-20677 - Microsoft Office Remote Code Execution Vulnerability
CVE-2024-20681 - Windows Subsystem for Linux Elevation of Privilege Vulnerability
CVE-2024-20682 - Windows Cryptographic Services Remote Code Execution Vulnerability
CVE-2024-20683 - Win32k Elevation of Privilege Vulnerability
CVE-2024-20686 - Win32k Elevation of Privilege Vulnerability
CVE-2024-20687 - Microsoft AllJoyn API Denial of Service Vulnerability
CVE-2024-20696 - Windows Libarchive Remote Code Execution Vulnerability
CVE-2024-20697 - Windows Libarchive Remote Code Execution Vulnerability
CVE-2024-20698 - Windows Kernel Elevation of Privilege Vulnerability
CVE-2024-20700 - Windows Hyper-V Remote Code Execution Vulnerability
CVE-2024-21307 - Remote Desktop Client Remote Code Execution Vulnerability
CVE-2024-21309 - Windows Kernel-Mode Driver Elevation of Privilege Vulnerability
CVE-2024-21310 - Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
CVE-2024-21312 - .NET Framework Denial of Service Vulnerability
CVE-2023-22527 - Confluence Data Center and Server versions prior to the most recent supported versions are susceptible to template injection vulnerability, enabling unauthenticated attackers to achieve remote code execution.
Sponsors
Corelight, Inc.
Sponsored By Corelight[Webinar] Defend with Endpoint and Network Telemetry | What happens on the endpoint doesn’t stay on the endpoint. Join Corelight and Cribl on Jan. 25 to learn how to defend against advanced threats and lateral movement by unifying endpoint and network telemetry. Register for the live webinar:
CrashPlan
Do You Know Where Your Data Is? SANS and CrashPlan have teamed up to survey our audience about user endpoints and what strategies organizations are using to protect against the loss of data. We invite you to complete this survey for a chance to win a $250 Amazon gift card!
BreachLock Inc
Automating Vulnerability Management with BreachLock | Tune in on Tue, February 27 as Dave Shackleford takes a solutions deep dive with BreachLock’s attack surface management and penetration testing as a service offering. | Register now:
Palo Alto Networks
A SANS Survey: The Future of Network Security Technology | Join Matt Bromiley and invited guest speakers from Palo Alto Networks on Wed, February 28 as they dive into spending habits, priorities, and decision-making processes when it comes to security technology. | Register now: