SEC595: Applied Data Science and AI/Machine Learning for Cybersecurity Professionals
SEC595Cyber Defense
SANS Community Benefits
Connect, learn, and share with other cybersecurity professionals
VOLUME 24ISSUE 18
The Consensus Security Vulnerability Alert
Internet Storm Center Spotlight
ISC provides a free analysis and warning service to thousands of Internet users and organizations, and is actively working with Internet Service Providers to fight back against the most malicious attackers. https://isc.sans.edu/about.html
Another Day, Another NAS: Attacks against Zyxel NAS326 devices CVE-2023-4473, CVE-2023-4474
Published: 2024-04-30
Last Updated: 2024-04-30 15:19:40 UTC
by Johannes Ullrich (Version: 1)
Yesterday, I talked about attacks against a relatively recent D-Link NAS vulnerability. Today, scanning my honeypot logs, I found an odd URL that I didn't recognize. The vulnerability is a bit older but turns out to be targeting yet another NAS.
The sample request ...
The exploit is simple: attempt to download and execute the "amanas2" binary and execute it. Sadly, I was not able to retrieve the file. Virustotal does show the URL as malicious for a couple of anti-malware tools.
Oddly, I am seeing this pattern only the last couple days, even though the vulnerability and the PoC were disclosed last year ...
Read the full entry:
D-Link NAS Device Backdoor Abused
Published: 2024-04-29
Last Updated: 2024-04-29 13:48:03 UTC
by Johannes Ullrich (Version: 1)
End of March, NetworkSecurityFish disclosed a vulnerability in various D-Link NAS devices. The vulnerability allows access to the device using the user "messagebus" without credentials. The sample URL used by the PoC was ...
In addition to not requiring a password, the URL also accepts arbitrary system commands, which must be base64 encoded. Initial exploit attempts were detected as soon as April 8th. The vulnerability is particularly dangerous as some affected devices are no longer supported by DLink, and no patch is expected to be released. DLink instead advised to replace affected devices. I have not been able to find an associated CVE number.
[Graph of hits for URLs that include "user=messagebus" with two distinct peaks. One early in April and one late in April]
After the initial exploit attempts at the beginning of the month, we now see a new distinct set of exploit attempts, some of which use different URLs to attack vulnerable systems. It appears that nas_sharing<dot>cgi is not the only endpoint that can be used to take advantage of the passwordless "messagebus" account.
Read the full entry:
https://isc.sans.edu/diary/DLink+NAS+Device+Backdoor+Abused/30878/
Internet Storm Center Entries
Linux Trojan - Xorddos with Filename eyshcjdmzg (2024.04.29)
https://isc.sans.edu/diary/Linux+Trojan+Xorddos+with+Filename+eyshcjdmzg/30880/
Does it matter if iptables isn't running on my honeypot? (2024.04.25)
https://isc.sans.edu/diary/Does+it+matter+if+iptables+isnt+running+on+my+honeypot/30862/
Recent CVEs
The list is assembled by pulling recent vulnerabilities from NIST NVD, Microsoft, Twitter mentions of vulnerabilities, ISC Diaries and Podcast, and the CISA list of known exploited vulnerabilities. There are also some unscored, but significant, vulnerabilities at the end. This includes vulnerabilities that have not been added to the NVD yet.
CVE-2022-38028 - Windows Print Spooler Elevation of Privilege Vulnerability
Product: Microsoft Windows Server 2022
CVSS Score: 0
** KEV since 2024-04-23 **
NVD: https://nvd.nist.gov/vuln/detail/CVE-2022-38028
ISC Podcast: https://isc.sans.edu/podcastdetail/8952
CVE-2023-4473 - The Zyxel NAS326 and NAS542 firmware versions V5.21(AAZF.14)C0 and V5.21(ABAG.11)C0 are susceptible to command injection, enabling unauthorized execution of operating system commands via a manipulated URL.
Product: Zyxel Nas542_Firmware
CVSS Score: 0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-4473
ISC Diary: https://isc.sans.edu/diary/30884
ISC Podcast: https://isc.sans.edu/podcastdetail/8962
CVE-2023-4474 - The Zyxel NAS326 and NAS542 firmware versions V5.21(AAZF.14)C0 and V5.21(ABAG.11)C0 improperly neutralize special elements, allowing unauthenticated attackers to execute OS commands via a crafted URL.
Product: Zyxel Nas542_Firmware
CVSS Score: 0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-4474
ISC Diary: https://isc.sans.edu/diary/30884
ISC Podcast: https://isc.sans.edu/podcastdetail/8962
CVE-2024-20353 - Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software are vulnerable to an unauthenticated remote attacker causing denial of service by triggering an unexpected device reload through a crafted HTTP request.
Product: Cisco Adaptive Security Appliance Software
CVSS Score: 8.6
** KEV since 2024-04-24 **
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-20353
NVD References: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-websrvs-dos-X8gNucD2
CVE-2024-20359 - Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) Software are vulnerable to an authenticated, local attacker being able to execute arbitrary code with root-level privileges by exploiting improper file validation in system flash memory.
Product: Cisco Adaptive Security Appliance Software
CVSS Score: 6.0
** KEV since 2024-04-24 **
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-20359
NVD References: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-persist-rce-FLsNXF4h
CVE-2024-2389 - Flowmon is vulnerable to an operating system command injection flaw, allowing unauthenticated users to execute arbitrary commands via the management interface.
Product: Flowmon
CVSS Score: 0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-2389
ISC Podcast: https://isc.sans.edu/podcastdetail/8952
CVE-2024-32658 & CVE-2024-32659 - FreeRDP prior to version 3.5.1 out-of-bounds read vulnerabilities
Product: FreeRDP
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-32658
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-32659
NVD References:
- https://github.com/FreeRDP/FreeRDP/commit/1a755d898ddc028cc818d0dd9d49d5acff4c44bf
- https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-vpv3-m3m9-4c2v
- https://oss-fuzz.com/testcase-detail/4852534033317888
- https://oss-fuzz.com/testcase-detail/6196819496337408
- https://github.com/FreeRDP/FreeRDP/commit/6430945ce003a5e24d454d8566f54aae1b6b617b
- https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-8jgr-7r33-x87w
CVE-2024-32948 - Missing Authorization vulnerability in Repute Infosystems ARMember.This issue affects ARMember:from n/a through 4.0.28.
Product: Repute Infosystems ARMember
CVSS Score: 9.1
CVE-2024-32709 - Plechev Andrey WP-Recall is vulnerable to SQL Injection from versions n/a through 16.26.5.
Product: Plechev Andrey WP-Recall
CVSS Score: 9.3
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-32709
NVD References: https://patchstack.com/database/vulnerability/wp-recall/wordpress-wp-recall-plugin-16-26-5-sql-injection-vulnerability?_s_id=cve
CVE-2024-32836 - WP-Lister Lite for eBay allows unrestricted upload of files with dangerous types, posing a security risk from versions n/a through 3.5.11.
Product: WP Lab WP-Lister Lite for eBay
CVSS Score: 9.1
CVE-2024-32954 - Unrestricted Upload of File with Dangerous Type vulnerability in Tribulant Newsletters.This issue affects Newsletters: from n/a through 4.9.5.
Product: Tribulant Newsletters
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-32954
NVD References: https://patchstack.com/database/vulnerability/newsletters-lite/wordpress-newsletters-plugin-4-9-5-arbitrary-file-upload-vulnerability?_s_id=cve
CVE-2023-31090 - Unlimited Elements For Elementor (Free Widgets, Addons, Templates) allows unrestricted upload of dangerous file types, enabling attackers to upload a web shell to a web server.
Product: Unlimited Elements Unlimited Elements For Elementor
CVSS Score: 9.9
CVE-2023-51425 - Rencontre – Dating Site is vulnerable to Privilege Escalation due to Improper Privilege Management from version n/a through 3.10.1.
Product: Jacques Malgrange Rencontre – Dating SiteCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-51425NVD References: https://patchstack.com/database/vulnerability/rencontre/wordpress-rencontre-plugin-3-10-1-unauthenticated-account-takeover-vulnerability?_s_id=cveCVE-2023-51472 - Mestres do WP Checkout Mestres WP is vulnerable to Privilege Escalation due to Improper Authentication in versions n/a through 7.1.9.7.Product: Mestres do WP Checkout Mestres WPCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-51472NVD References: https://patchstack.com/database/vulnerability/checkout-mestres-wp/wordpress-checkout-mestres-wp-plugin-7-1-9-6-unauthenticated-account-takeover-vulnerability?_s_id=cveCVE-2023-51477 - BuddyBoss Theme allows unauthorized access to functionality not properly constrained by ACLs, affecting versions from n/a through 2.4.60.Product: BuddyBoss ThemeCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-51477NVD References: https://patchstack.com/database/vulnerability/buddyboss-theme/wordpress-buddyboss-theme-theme-2-4-60-unauthenticated-arbitrary-wordpress-settings-change-vulnerability?_s_id=cveCVE-2023-51478 - Abdul Hakeem Build App Online is vulnerable to improper authentication, enabling privilege escalation from version n/a through 1.0.19.Product: Abdul Hakeem Build App OnlineCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-51478NVD References: https://patchstack.com/database/vulnerability/build-app-online/wordpress-build-app-online-plugin-1-0-19-unauthenticated-account-takeover-vulnerability?_s_id=cveCVE-2023-51482 - EazyPlugins Eazy Plugin Manager is vulnerable to improper authentication, allowing unauthorized access to functionalities not properly restricted by ACLs.Product: EazyPlugins Eazy Plugin ManagerCVSS Score: 9.9NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-51482NVD References: https://patchstack.com/database/vulnerability/plugins-on-steroids/wordpress-eazy-plugin-manager-plugin-4-1-2-subscriber-arbitrary-options-update-lead-to-rce-vulnerability?_s_id=cveCVE-2023-51484 - WP Login as User or Customer (User Switching) versions up to 3.8 allow unauthorized users to elevate their privileges through improper authentication.Product: WP Login as User or Customer (User Switching)CVSS Score: 9.8 AtRiskScore 30NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-51484NVD References: https://patchstack.com/database/vulnerability/login-as-customer-or-user/wordpress-login-as-user-or-customer-plugin-3-8-unauthenticated-account-takeover-vulnerability?_s_id=cveCVE-2024-22144 - Eli Scheetz Anti-Malware Security and Brute-Force Firewall has a Code Injection vulnerability allowing attackers to inject malicious code.Product: Eli Scheetz Anti-Malware Security and Brute-Force FirewallCVSS Score: 9.0NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-22144NVD References: - https://patchstack.com/articles/critical-vulnerability-found-in-gotmls-plugin?_s_id=cve- https://patchstack.com/database/vulnerability/gotmls/wordpress-anti-malware-security-and-brute-force-firewall-plugin-4-21-96-unauthenticated-predictable-nonce-brute-force-leading-to-rce-vulnerability?_s_id=cve- https://sec.stealthcopter.com/cve-2024-22144/CVE-2024-30560 - Cross-Site Request Forgery (CSRF) vulnerability in WP DX-Watermark.This issue affects DX-Watermark: from n/a through 1.0.4.Product: WP DX-WatermarkCVSS Score: 9.6NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-30560NVD References: https://patchstack.com/database/vulnerability/dx-watermark/wordpress-dx-watermark-plugin-1-0-4-csrf-to-arbitrary-file-upload-and-xss-vulnerability?_s_id=cveCVE-2024-31266 - AlgolPlus Advanced Order Export For WooCommerce is vulnerable to Code Injection from version n/a through 3.4.4.Product: AlgolPlus Advanced Order Export For WooCommerceCVSS Score: 9.1NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-31266NVD References: https://patchstack.com/database/vulnerability/woo-order-export-lite/wordpress-advanced-order-export-for-woocommerce-plugin-3-4-4-remote-code-execution-vulnerability?_s_id=cveCVE-2022-36028 & CVE-2022-36029 - Greenlight has open redirect vulnerabilities in versions prior to 2.13.0 within the Login page.Product: BigBlueButton GreenlightCVSS Score: 9.1NVD: https://nvd.nist.gov/vuln/detail/CVE-2022-36028NVD: https://nvd.nist.gov/vuln/detail/CVE-2022-36029NVD References: - https://github.com/bigbluebutton/greenlight/commit/20fe1ee71b5703fcc4ed698a959ad224fed19623- https://huntr.com/bounties/ba5834bd-1f04-4936-8e93-2442d45403bahttps://CVE-2024-0916 - Unauthenticated file upload allows remote code execution. This issue affects UvDesk Community: from 1.0.0 through 1.1.3.Product: UvDesk CommunityCVSS Score: 10.0NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-0916NVD References: - https://github.com/uvdesk/core-framework/pull/706- https://pentraze.com/vulnerability-reports/CVE-2024-32651 - Changedetection.io is vulnerable to Server Side Template Injection (SSTI) in Jinja2, allowing attackers to execute remote …
CVE-2023-51477 - BuddyBoss Theme allows unauthorized access to functionality not properly constrained by ACLs, affecting versions from n/a through 2.4.60.
CVE-2023-51478 - Abdul Hakeem Build App Online is vulnerable to improper authentication, enabling privilege escalation from version n/a through 1.0.19.
Product: Abdul Hakeem Build App Online
CVSS Score: 9.8
CVE-2023-51482 - EazyPlugins Eazy Plugin Manager is vulnerable to improper authentication, allowing unauthorized access to functionalities not properly restricted by ACLs.
Product: EazyPlugins Eazy Plugin Manager
CVSS Score: 9.9
CVE-2023-51484 - WP Login as User or Customer (User Switching) versions up to 3.8 allow unauthorized users to elevate their privileges through improper authentication.
Product: WP Login as User or Customer (User Switching)
CVSS Score: 9.8 AtRiskScore 30
CVE-2024-22144 - Eli Scheetz Anti-Malware Security and Brute-Force Firewall has a Code Injection vulnerability allowing attackers to inject malicious code.
Product: Eli Scheetz Anti-Malware Security and Brute-Force Firewall
CVSS Score: 9.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-22144
NVD References:
- https://patchstack.com/articles/critical-vulnerability-found-in-gotmls-plugin?_s_id=cve
- https://sec.stealthcopter.com/cve-2024-22144/
CVE-2024-30560 - Cross-Site Request Forgery (CSRF) vulnerability in WP DX-Watermark.This issue affects DX-Watermark: from n/a through 1.0.4.
Product: WP DX-Watermark
CVSS Score: 9.6
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-30560
CVE-2024-31266 - AlgolPlus Advanced Order Export For WooCommerce is vulnerable to Code Injection from version n/a through 3.4.4.
Product: AlgolPlus Advanced Order Export For WooCommerce
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-31266
CVE-2022-36028 & CVE-2022-36029 - Greenlight has open redirect vulnerabilities in versions prior to 2.13.0 within the Login page.
Product: BigBlueButton Greenlight
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2022-36028
NVD: https://nvd.nist.gov/vuln/detail/CVE-2022-36029
NVD References:
- https://github.com/bigbluebutton/greenlight/commit/20fe1ee71b5703fcc4ed698a959ad224fed19623
- https://huntr.com/bounties/ba5834bd-1f04-4936-8e93-2442d45403bahttps://
CVE-2024-0916 - Unauthenticated file upload allows remote code execution. This issue affects UvDesk Community: from 1.0.0 through 1.1.3.
Product: UvDesk Community
CVSS Score: 10.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-0916
NVD References:
- https://github.com/uvdesk/core-framework/pull/706
- https://pentraze.com/vulnerability-reports/
CVE-2024-32651 - Changedetection.io is vulnerable to Server Side Template Injection (SSTI) in Jinja2, allowing attackers to execute remote commands and potentially takeover the server machine.
Product: Changedetection.io
CVSS Score: 10.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-32651
NVD References:
- https://github.com/dgtlmoon/changedetection.io/releases/tag/0.45.21
- https://github.com/dgtlmoon/changedetection.io/security/advisories/GHSA-4r7v-whpg-8rx3
- https://www.onsecurity.io/blog/server-side-template-injection-with-jinja2
CVE-2024-3962 - The Product Addons & Fields for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads, allowing unauthenticated attackers to potentially execute remote code.
Product: Product Addons & Fields for WooCommerce
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-3962
NVD References:
- https://plugins.trac.wordpress.org/changeset/3075669/woocommerce-product-addon
- https://themeisle.com/plugins/ppom-pro/
CVE-2024-0740 - Eclipse Target Management: Terminal and Remote System Explorer (RSE) version <= 4.5.400 allows remote code execution without authentication, fixed in Eclipse IDE 2024-03.
Product: Eclipse Foundation Eclipse Target Management
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-0740
NVD References:
- https://git.eclipse.org/r/c/tm/org.eclipse.tm/+/202145
- https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/171
CVE-2023-47222 - Media Streaming add-on has an exposure of sensitive information vulnerability that could compromise system security via network exploitation, now fixed in version 500.1.1.5.
Product: Media Streaming add-on
CVSS Score: 9.6
NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-47222
NVD References: https://www.qnap.com/en/security-advisory/qsa-24-15
CVE-2024-32764 - myQNAPcloud Link is vulnerable to missing authentication for critical function allowing unauthorized users to access certain features.
Product: QNAP myQNAPcloud Link
CVSS Score: 9.9
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-32764
NVD References: https://www.qnap.com/en/security-advisory/qsa-24-09
CVE-2024-32766 - QNAP operating systems versions are vulnerable to OS command injection, allowing users to execute commands via a network, but the issue has been fixed in the latest releases.
Product: QNAP QTS
CVSS Score: 10.0
NVD: https://www.qnap.com/en/security-advisory/qsa-24-09
NVD References: https://www.qnap.com/en/security-advisory/qsa-24-09
CVE-2024-32880 - Pyload allows authenticated users to leverage a folder change vulnerability to upload a malicious template and achieve remote code execution, with no current fix in place.
Product: payload Download Manageer
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-32880
NVD References: https://github.com/pyload/pyload/security/advisories/GHSA-3f7w-p8vr-4v5f
CVE-2024-32881 - Danswer is vulnerable to unauthorized access to slack bot tokens, potentially leading to full compromise of the customer's slack bot.
Product: Danswer
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-32881
NVD References:
- https://github.com/danswer-ai/danswer/commit/89ff07a96b41be9e05256bd252105be233f4d28a
- https://github.com/danswer-ai/danswer/commit/bd7e21a6388775e850d6f716675a893c72881e56
- https://github.com/danswer-ai/danswer/security/advisories/GHSA-xr9w-3ggr-hr6j
CVE-2024-3342 - The Timetable and Event Schedule by MotoPress plugin for WordPress is vulnerable to SQL Injection through the 'events' attribute of the 'mp-timetable' shortcode in versions up to 2.4.11, allowing authenticated attackers with contributor-level access to extract sensitive database information.
Product: MotoPress Timetable and Event Schedule
CVSS Score: 9.9
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-3342
NVD References:
CVE-2024-1874 - PHP versions 8.1.*, 8.2.*, and 8.3.* are vulnerable to arbitrary command execution in Windows shell when using proc_open() with array syntax.
Product: PHP
CVSS Score: 9.4
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-1874
NVD References: https://github.com/php/php-src/security/advisories/GHSA-pc52-254m-w9w7
CVE-2024-4300 - E-WEBInformationCo. FS-EZViewer(Web) allows remote attackers to access database credentials and host IP address by revealing sensitive information in the service.
Product: E-WEBInformationCo. S-EZViewer(Web)
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-4300
NVD References: https://www.twcert.org.tw/tw/cp-132-7774-fbd01-1.html
CVE-2024-33551 - XStore Core versions up to 5.3.5 suffer from an SQL Injection vulnerability due to improper neutralization of special elements in SQL commands.
Product: 8theme XStore Core
CVSS Score: 9.3
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-33551
CVE-2024-33553 - Deserialization of Untrusted Data vulnerability in 8theme XStore Core.This issue affects XStore Core: from n/a through 5.3.5.
Product: 8theme XStore Core
CVSS Score: 9.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-33553
CVE-2024-33559 - XStore is vulnerable to SQL Injection from versions n/a through 9.3.5.
Product: 8theme XStore
CVSS Score: 9.3
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-33559
NVD References: https://patchstack.com/database/vulnerability/xstore/wordpress-xstore-theme-9-3-5-unauthenticated-sql-injection-vulnerability?_s_id=cve
CVE-2024-33544 & CVE-2024-33546 - AA-Team WZone through 14.0.10 SQL Injection vulnerabilities
Product: AA-Team WZone
CVSS Scores: 9.3 - 9.6
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-33544
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-33546
NVD References: https://patchstack.com/database/vulnerability/woozone/wordpress-wzone-plugin-14-0-10-unauthenticated-sql-injection-vulnerability?_s_id=cve
CVE-2024-3191 - MailCleaner up to 2023.03.14 is vulnerable to a critical issue in its Email Handler component, leading to remote os command injection.
Product: MailCleaner
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-3191
NVD References:
- https://github.com/MailCleaner/MailCleaner/pull/601
- https://modzero.com/en/advisories/mz-24-01-mailcleaner/
- https://modzero.com/static/MZ-24-01_modzero_MailCleaner.pdf
- https://vuldb.com/?ctiid.262307
- https://vuldb.com/?id.262307
CVE-2024-33566 - Missing Authorization vulnerability in N-Media OrderConvo allows OS Command Injection.This issue affects OrderConvo: from n/a through 12.4.
Product: N-Media OrderConvo
CVSS Score: 10.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-33566
CVE-2024-3375 - Dialogue in Havelsan Inc. allows unauthorized access to critical resources due to improper permission assignment.
Product: Havelsan Inc. Dialogue
CVSS Score: 9.4
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-3375
NVD References: https://www.usom.gov.tr/bildirim/tr-24-0363
CVE-2024-4306 - HubBank version 1.0.2 is vulnerable to a critical unrestricted file upload bug, enabling registered users to upload malicious PHP files through document upload fields and execute webshells.
Product: HubBank
CVSS Score: 9.9
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-4306
NVD References: https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-hubbank
CVE-2024-31266 - AlgolPlus Advanced Order Export For WooCommerce is vulnerable to Code Injection from version n/a through 3.4.4.
Product: AlgolPlus Advanced Order Export For WooCommerce
CVSS Score: 9.1
CVE-2022-36028 & CVE-2022-36029 - Greenlight has open redirect vulnerabilities in versions prior to 2.13.0 within the Login page.
Product: BigBlueButton Greenlight
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2022-36028
NVD: https://nvd.nist.gov/vuln/detail/CVE-2022-36029
NVD References:
- https://github.com/bigbluebutton/greenlight/commit/20fe1ee71b5703fcc4ed698a959ad224fed19623
- https://huntr.com/bounties/ba5834bd-1f04-4936-8e93-2442d45403bahttps://
CVE-2024-0916 - Unauthenticated file upload allows remote code execution. This issue affects UvDesk Community: from 1.0.0 through 1.1.3.
Product: UvDesk Community
CVSS Score: 10.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-0916
NVD References:
CVE-2024-32651 - Changedetection.io is vulnerable to Server Side Template Injection (SSTI) in Jinja2, allowing attackers to execute remote commands and potentially takeover the server machine.
Product: Changedetection.io
CVSS Score: 10.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-32651
NVD References:
- https://github.com/dgtlmoon/changedetection.io/releases/tag/0.45.21
- https://github.com/dgtlmoon/changedetection.io/security/advisories/GHSA-4r7v-whpg-8rx3
- https://www.onsecurity.io/blog/server-side-template-injection-with-jinja2
CVE-2024-3962 - The Product Addons & Fields for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads, allowing unauthenticated attackers to potentially execute remote code.
Product: Product Addons & Fields for WooCommerce
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-3962
NVD References:
- https://plugins.trac.wordpress.org/changeset/3075669/woocommerce-product-addon
CVE-2024-0740 - Eclipse Target Management: Terminal and Remote System Explorer (RSE) version <= 4.5.400 allows remote code execution without authentication, fixed in Eclipse IDE 2024-03.
Product: Eclipse Foundation Eclipse Target Management
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-0740
NVD References:
- https://git.eclipse.org/r/c/tm/org.eclipse.tm/+/202145
- https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/171
CVE-2023-47222 - Media Streaming add-on has an exposure of sensitive information vulnerability that could compromise system security via network exploitation, now fixed in version 500.1.1.5.
Product: Media Streaming add-on
CVSS Score: 9.6
NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-47222
NVD References: https://www.qnap.com/en/security-advisory/qsa-24-15
CVE-2024-32764 - myQNAPcloud Link is vulnerable to missing authentication for critical function allowing unauthorized users to access certain features.
Product: QNAP myQNAPcloud Link
CVSS Score: 9.9
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-32764
NVD References: https://www.qnap.com/en/security-advisory/qsa-24-09
CVE-2024-32766 - QNAP operating systems versions are vulnerable to OS command injection, allowing users to execute commands via a network, but the issue has been fixed in the latest releases.
Product: QNAP QTS
CVSS Score: 10.0
NVD: https://www.qnap.com/en/security-advisory/qsa-24-09
NVD References: https://www.qnap.com/en/security-advisory/qsa-24-09
CVE-2024-32880 - Pyload allows authenticated users to leverage a folder change vulnerability to upload a malicious template and achieve remote code execution, with no current fix in place.
Product: payload Download Manageer
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-32880
NVD References: https://github.com/pyload/pyload/security/advisories/GHSA-3f7w-p8vr-4v5f
CVE-2024-32881 - Danswer is vulnerable to unauthorized access to slack bot tokens, potentially leading to full compromise of the customer's slack bot.
Product: Danswer
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-32881
NVD References:
- https://github.com/danswer-ai/danswer/commit/89ff07a96b41be9e05256bd252105be233f4d28a
- https://github.com/danswer-ai/danswer/commit/bd7e21a6388775e850d6f716675a893c72881e56
- https://github.com/danswer-ai/danswer/security/advisories/GHSA-xr9w-3ggr-hr6j
CVE-2024-3342 - The Timetable and Event Schedule by MotoPress plugin for WordPress is vulnerable to SQL Injection through the 'events' attribute of the 'mp-timetable' shortcode in versions up to 2.4.11, allowing authenticated attackers with contributor-level access to extract sensitive database information.
Product: MotoPress Timetable and Event Schedule
CVSS Score: 9.9
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-3342
NVD References:
CVE-2024-1874 - PHP versions 8.1.*, 8.2.*, and 8.3.* are vulnerable to arbitrary command execution in Windows shell when using proc_open() with array syntax.
Product: PHP
CVSS Score: 9.4
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-1874
NVD References: https://github.com/php/php-src/security/advisories/GHSA-pc52-254m-w9w7
CVE-2024-4300 - E-WEBInformationCo. FS-EZViewer(Web) allows remote attackers to access database credentials and host IP address by revealing sensitive information in the service.
Product: E-WEBInformationCo. S-EZViewer(Web)
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-4300
NVD References: https://www.twcert.org.tw/tw/cp-132-7774-fbd01-1.html
CVE-2024-33551 - XStore Core versions up to 5.3.5 suffer from an SQL Injection vulnerability due to improper neutralization of special elements in SQL commands.
CVE-2024-33553 - Deserialization of Untrusted Data vulnerability in 8theme XStore Core.This issue affects XStore Core: from n/a through 5.3.5.
CVE-2024-33559 - XStore is vulnerable to SQL Injection from versions n/a through 9.3.5.
Product: 8theme XStore
CVSS Score: 9.3
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-33559
NVD References: https://patchstack.com/database/vulnerability/xstore/wordpress-xstore-theme-9-3-5-unauthenticated-sql-injection-vulnerability?_s_id=cve
CVE-2024-33544 & CVE-2024-33546 - AA-Team WZone through 14.0.10 SQL Injection vulnerabilities
Product: AA-Team WZone
CVSS Scores: 9.3 - 9.6
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-33544
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-33546
NVD References: https://patchstack.com/database/vulnerability/woozone/wordpress-wzone-plugin-14-0-10-unauthenticated-sql-injection-vulnerability?_s_id=cve
CVE-2024-3191 - MailCleaner up to 2023.03.14 is vulnerable to a critical issue in its Email Handler component, leading to remote os command injection.
Product: MailCleaner
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-3191
NVD References:
- https://github.com/MailCleaner/MailCleaner/pull/601
- https://modzero.com/en/advisories/mz-24-01-mailcleaner/
- https://modzero.com/static/MZ-24-01_modzero_MailCleaner.pdf
CVE-2024-33566 - Missing Authorization vulnerability in N-Media OrderConvo allows OS Command Injection.This issue affects OrderConvo: from n/a through 12.4.
CVE-2024-3375 - Dialogue in Havelsan Inc. allows unauthorized access to critical resources due to improper permission assignment.
Product: Havelsan Inc. Dialogue
CVSS Score: 9.4
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-3375
NVD References: https://www.usom.gov.tr/bildirim/tr-24-0363
CVE-2024-4306 - HubBank version 1.0.2 is vulnerable to a critical unrestricted file upload bug, enabling registered users to upload malicious PHP files through document upload fields and execute webshells.
Product: HubBank
CVSS Score: 9.9
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-4306
NVD References: https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-hubbank
Sponsors
SANS
SANS 2024 CTI Survey: Managing the Evolving Threat Landscape | May 22 | Join us to learn How the CTI discipline has evolved in the past year-how CTI analysts kept up with the ever-changing threat landscape, how they view emerging threats (adversary use of AI), and how technology enablement improves efficiency.
SANS
SANS 2024 CTI Survey: Managing the Evolving Threat Landscape | May 22 | Join us to learn How the CTI discipline has evolved in the past year-how CTI analysts kept up with the ever-changing threat landscape, how they view emerging threats (adversary use of AI), and how technology enablement improves efficiency.
SANS
SANS 2024 CTI Survey: Managing the Evolving Threat Landscape | May 22 | Join us to learn How the CTI discipline has evolved in the past year-how CTI analysts kept up with the ever-changing threat landscape, how they view emerging threats (adversary use of AI), and how technology enablement improves efficiency.
Dragos
Resilient by Design: Rethinking Cybersecurity in Manufacturing | May 23, 1:00 pm ET | Tune in to this discussion with Dragos and Rockwell Automation as they discuss current cybersecurity threats in manufacturing, proactive responses to cybersecurity risks, and navigating the OT/ICS cybersecurity journey.