AtRisk June 27, 2024 Vol. XXIV

Jump to:

Internet Storm Center Spotlight
Recent CVEs
Sponsors
Read More

ISC provides a free analysis and warning service to thousands of Internet users and organizations, and is actively working with Internet Service Providers to fight back against the most malicious attackers. https://isc.sans.edu/about.html Configuration Scanners Adding Java Specific Configuration Files Published: 2024-06-24 Last Updated: 2024-06-24 08:37:24 UTC by Johannes Ullrich (Version: 1) Hunting for configuration files is one of the favorite tricks we typically see used against our honeypots. Traditionally, standard and more generic configuration files like ".env" or ".config" are the target, with some cloud-specific configuration files sprinkled in. Today, I noticed in our "First Seen URL" list a new variation that appears to target Java Spring configuration files. For example, the following files are now being hunted ... https://isc.sans.edu/diary/Configuration+Scanners+Adding+Java+Specific+Configuration+Files/31032/ No Excuses, Free Tools to Help Secure Authentication in Ubuntu Linux [Guest Diary] Published: 2024-06-20 Last Updated: 2024-06-20 01:19:16 UTC by Guy Bruneau (Version: 1) [This is a Guest Diary by Owen Slubowski, an ISC intern as part of the SANS.edu BACS program] Over the past 20 weeks I have had the privilege to take part in the SANS Internet Storm Center Internship. This has been an awesome chance to deploy and monitor a honeypot to explore what must be the fate of so many unsecured devices on the internet. Over the tenure here the one thing that was so shocking to me was not only the amount of devices that are conducting password attacks, but also the damage they could have done if their malware had been successful. Over the 20 weeks of this internship, I had more than 16,790 unique devices attempt to gain unauthorized access to my honeypot over SSH and Telnet from 49 different countries! With the amount of threat actors out there it almost seems like a strong password policy isn’t enough on its own. And over the multitude of attack reports I wrote it always listed the same control that could have protected the system: MFA and filtering to protect the system. In my mind these solutions always imply a greater cost that is often outside of our reach as hobbyist and small organizations … Or are they? Over the course of the next few pages, I look to discuss different technical controls I was first introduced to during the internship that can be applied to Ubuntu Linux at no cost and how they can help protect against these attempts to login by various threat actors. Read the full entry: https://isc.sans.edu/diary/No+Excuses+Free+Tools+to+Help+Secure+Authentication+in+Ubuntu+Linux+Guest+Diary/31024/

Sysinternals' Process Monitor Version 4 Released (2024.06.22)

https://isc.sans.edu/diary/Sysinternals+Process+Monitor+Version+4+Released/31026/

Microsoft Patch Tuesday June 2024 (2024.06.11)

https://isc.sans.edu/diary/Microsoft+Patch+Tuesday+June+2024/31000/

Finding End of Support Dates: UK PTSI Regulation (2024.06.07)

https://isc.sans.edu/diary/Finding+End+of+Support+Dates+UK+PTSI+Regulation/30992/

The list is assembled by pulling recent vulnerabilities from NIST NVD, Microsoft, Twitter mentions of vulnerabilities, ISC Diaries and Podcast, and the CISA list of known exploited vulnerabilities. There are also some unscored, but significant, vulnerabilities at the end. This includes vulnerabilities that have not been added to the NVD yet.

Product: Apple tvOS CVSS Score: 0 NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-27815 ISC Podcast: https://isc.sans.edu/podcastdetail/9034

CVE-2024-37079 & CVE-2024-37080 - vCenter Server is susceptible to heap-overflow vulnerabilities in its DCERPC protocol implementation, allowing remote code execution through specially crafted network packets. Product: VMware vCenter Server CVSS Score: 9.8 NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-37079 NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-37080 NVD References: https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24453

Product: WordPress Picture / Portfolio / Media Gallery CVSS Score: 9.3 NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-5021 NVD References: - https://plugins.trac.wordpress.org/browser/nimble-portfolio/trunk/includes/prettyphoto/download-image.php#L17 - https://www.wordfence.com/threat-intel/vulnerabilities/id/224a2d6d-7fdc-43a8-a8c9-26213b604433?source=cve

Product: WordPress Salon booking system plugin CVSS Score: 9.8 NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-3229 NVD References: - https://plugins.trac.wordpress.org/changeset/3103584/salon-booking-system/trunk/src/SLN/Action/Ajax/ImportAssistants.php - https://www.wordfence.com/threat-intel/vulnerabilities/id/3bbbf5be-5c0a-4514-88ac-003083c0bba3?source=cve

Product: Sirv Image Optimizer, Resizer and CDN Plugin CVSS Score: 9.9 NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-5853 NVD References: - https://plugins.trac.wordpress.org/changeset/3103410/sirv/trunk/sirv.php - https://www.wordfence.com/threat-intel/vulnerabilities/id/e89b40ec-1952-46e3-a91b-bd38e62f8929?source=cve

Product: ThemeFusion Avada CVSS Score: 9.1 NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-39312 NVD References: https://patchstack.com/database/vulnerability/avada/wordpress-avada-theme-7-11-1-authenticated-author-unrestricted-zip-extraction-vulnerability?_s_id=cve

Product: WP Hotel Booking WordPress CVSS Score: 10.0 NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-3605 NVD References: - https://wordpress.org/plugins/wp-hotel-booking/ - https://www.wordfence.com/threat-intel/vulnerabilities/id/5931ad4e-7de3-41ac-b783-f7e58aaef569?source=cve

Product: WordPress Lifeline Donation plugin CVSS Score: 9.8 NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-5432 NVD References: - https://plugins.trac.wordpress.org/browser/lifeline-donation/trunk/includes/class-lifeline-donation.php?rev=2575844#L292 - https://plugins.trac.wordpress.org/browser/lifeline-donation/trunk/vendor/webinane/webinane-commerce/includes/Classes/Checkout.php?rev=2490935#L125 - https://www.wordfence.com/threat-intel/vulnerabilities/id/2e24da0c-13d2-4a3d-b918-0d28e3341d88?source=cve

Product: WordPress Shariff Wrapper plugin CVSS Score: 9.8 NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-4098 NVD References: - https://plugins.trac.wordpress.org/browser/shariff/trunk/shariff.php#L410 - https://plugins.trac.wordpress.org/changeset/3103137 - https://www.wordfence.com/threat-intel/vulnerabilities/id/f49fba00-c576-4a1a-8b0b-9ebed3e3d090?source=cve

Product: XWiki Platform CVSS Score: 9.0 NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-37899 NVD References: - https://github.com/xwiki/xwiki-platform/commit/f89c8f47fad6e5cc7e68c69a7e0acde07f5eed5a - https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-j584-j2vj-3f93 - https://jira.xwiki.org/browse/XWIKI-21611

Product: XWiki Platform CVSS Score: 9.9 NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-38369 NVD References: https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-qcj3-wpgm-qpxh

Product: Icegram Email Subscribers by Icegram Express CVSS Score: 9.8 NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-5756 NVD References: - https://plugins.trac.wordpress.org/browser/email-subscribers/trunk/lite/includes/db/class-es-db-contacts.php#L532 - https://plugins.trac.wordpress.org/changeset/3101638/email-subscribers/trunk/lite/includes/db/class-es-db-contacts.php - https://www.wordfence.com/threat-intel/vulnerabilities/id/c5bd11c6-2f55-4eee-834a-c4e405482b9c?source=cve

Product: Parallels Desktop CVSS Score: 10.0 NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-6240 NVD References: https://www.incibe.es/en/incibe-cert/notices/aviso/improper-privilege-management-vulnerability-parallels-desktop

Product: Adminerevo CVSS Score: 9.8 NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-45197 NVD References: - https://github.com/adminerevo/adminerevo/commit/1cc06d6a1005fd833fa009701badd5641627a1d4 - https://github.com/adminerevo/adminerevo/releases/tag/v4.8.3

Product: Artbees Jupiter X Core CVSS Score: 9.8 NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-38389 NVD References: https://patchstack.com/database/vulnerability/jupiterx-core/wordpress-jupiter-x-core-plugin-3-3-0-unauthenticated-account-takeover-vulnerability?_s_id=cve

Product: Pearadmin Pear Admin Boot CVSS Score: 9.8 NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-6241 NVD References: - https://gitee.com/pear-admin/Pear-Admin-Boot/issues/IA5IPQ - https://gitee.com/pear-admin/Pear-Admin-Boot/issues/IA5KBS - https://vuldb.com/?ctiid.269375 - https://vuldb.com/?id.269375

Product: Canonical docker snap CVSS Score: 9.3 NVD: https://nvd.nist.gov/vuln/detail/CVE-2020-27352 NVD References: - https://bugs.launchpad.net/snapd/+bug/1910456 - https://ubuntu.com/security/notices/USN-4728-1 - https://www.cve.org/CVERecord?id=CVE-2020-27352

Product: Next4Biz Business Process Management (BPM) Software CVSS Score: 9.8 NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-5683 NVD References: https://www.usom.gov.tr/bildirim/tr-24-0739

Product: StylemixThemes Consulting Elementor Widgets CVSS Score: 9.9 NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-37091 NVD References: https://patchstack.com/database/vulnerability/consulting-elementor-widgets/wordpress-consulting-elementor-widgets-plugin-1-3-0-remote-code-execution-rce-vulnerability?_s_id=cve

Product: WishList Member X CVSS Score: 9.9 NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-37109 NVD References: https://patchstack.com/database/vulnerability/wishlist-member-x/wordpress-wishlist-member-x-plugin-3-25-1-authenticated-arbitrary-php-code-execution-vulnerability?_s_id=cve

Product: InstaWP Connect CVSS Score: 10.0 NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-37228 NVD References: https://patchstack.com/database/vulnerability/instawp-connect/wordpress-instawp-connect-plugin-0-1-0-38-arbitrary-file-upload-vulnerability?_s_id=cve

Product: FreeRTOS-Plus-TCP CVSS Score: 9.6 NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-38373 NVD References: - https://github.com/FreeRTOS/FreeRTOS-Plus-TCP/releases/tag/V4.1.1 - https://github.com/FreeRTOS/FreeRTOS-Plus-TCP/security/advisories/GHSA-ppcp-rg65-58mv

Product: Baicells Snap Router BaiCE_BMI CVSS Score: 9.3 NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-6198 NVD References: https://www.baicells.com

Product: Avaya IP Office CVSS Score: 10.0 NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-4196 NVD References: https://download.avaya.com/css/public/documents/101090768

Product: Avaya IP Office CVSS Score: 9.9 NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-4197 NVD References: https://download.avaya.com/css/public/documents/101090768

Product: WordPress Quiz Maker plugin CVSS Score: 9.8 NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-6028 NVD References: - https://plugins.trac.wordpress.org/browser/quiz-maker/tags/6.5.7.5/public/class-quiz-maker-public.php#L4904 - https://plugins.trac.wordpress.org/browser/quiz-maker/tags/6.5.7.5/public/class-quiz-maker-public.php#L6901 - https://plugins.trac.wordpress.org/changeset/3103402/quiz-maker/tags/6.5.8.2/public/class-quiz-maker-public.php?old=3102679&old_path=quiz-maker%2Ftags%2F6.5.8.1%2Fpublic%2Fclass-quiz-maker-public.php - https://plugins.trac.wordpress.org/changeset/3105555/quiz-maker/tags/6.5.8.4/public/class-quiz-maker-public.php?old=3104323&old_path=quiz-maker%2Ftags%2F6.5.8.3%2Fpublic%2Fclass-quiz-maker-public.php - https://wordpress.org/plugins/quiz-maker/#developers - https://www.wordfence.com/threat-intel/vulnerabilities/id/ab340c65-35eb-4a85-8150-3119b46c7f35?source=cve

Product: Conduit Client-Server API CVSS Score: 9.9 NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-6303 NVD References: - https://conduit.rs/changelog/#v0-8-0-2024-06-12 - https://gitlab.com/famedly/conduit/-/releases/v0.8.0

Product: Progress MOVEit Gateway CVSS Score: 9.1 NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-5805 NVD References: - https://community.progress.com/s/article/MOVEit-Gateway-Critical-Security-Alert-Bulletin-June-2024-CVE-2024-5805 - https://www.progress.com/moveit CVE-2024-5806 - Progress MOVEit Transfer (SFTP module) versions before 2023.0.11, 2023.1.6, and 2024.0.2 are vulnerable to Authentication Bypass. Product: Progress MOVEit Transfer CVSS Score: 9.1 NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-5806 NVD References: - https://community.progress.com/s/article/MOVEit-Transfer-Product-Security-Alert-Bulletin-June-2024-CVE-2024-5806 - https://www.progress.com/moveit CVE-2024-4883 - Progress WhatsUp Gold is vulnerable to unauthenticated attackers achieving Remote Code Execution by exploiting NmApi.exe in versions released prior to 2023.1.3. Product: Progress WhatsUp Gold CVSS Score: 9.8 NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-4883 NVD References: - https://community.progress.com/s/article/WhatsUp-Gold-Security-Bulletin-June-2024 - https://www.progress.com/network-monitoring CVE-2024-4884 - Progress WhatsUp Gold is vulnerable to unauthenticated Remote Code Execution up to version 2023.1.3, allowing execution of commands with elevated privileges. Product: Progress WhatsUp Gold CVSS Score: 9.8 NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-4884 NVD References: - https://community.progress.com/s/article/WhatsUp-Gold-Security-Bulletin-June-2024 - https://www.progress.com/network-monitoring CVE-2024-4885 - Progress WhatsUpGold is vulnerable to an unauthenticated Remote Code Execution flaw in the GetFileWithoutZip function, allowing for command execution with elevated privileges. Product: Progress WhatsUp Gold CVSS Score: 9.8 NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-4885 NVD References: - https://community.progress.com/s/article/WhatsUp-Gold-Security-Bulletin-June-2024 - https://www.progress.com/network-monitoring CVE-2024-5276 - Fortra FileCatalyst Workflow is vulnerable to SQL Injection, allowing attackers to alter application data and potentially gain unauthorized access. Product: Fortra FileCatalyst Workflow CVSS Score: 9.8 NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-5276 NVD References: - https://support.fortra.com/filecatalyst/kb-articles/advisory-6-24-2024-filecatalyst-workflow-sql-injection-vulnerability-YmYwYWY4OTYtNTUzMi1lZjExLTg0MGEtNjA0NWJkMDg3MDA0 - https://www.fortra.com/security/advisory/fi-2024-008 - https://www.tenable.com/security/research/tra-2024-25 CVE-2024-28397 - js2py up to v0.74 is vulnerable to arbitrary code execution through a crafted API call in the component js2py.disable_pyimport(). Product: js2py CVSS Score: 0 NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-28397 ISC Podcast: https://isc.sans.edu/podcastdetail/9032 NVD References: - https://github.com/Marven11 - https://github.com/Marven11/CVE-2024-28397-js2py-Sandbox-Escape

Product: Progress MOVEit Transfer CVSS Score: 9.1 NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-5806 NVD References: - https://community.progress.com/s/article/MOVEit-Transfer-Product-Security-Alert-Bulletin-June-2024-CVE-2024-5806 - https://www.progress.com/moveit CVE-2024-4883 - Progress WhatsUp Gold is vulnerable to unauthenticated attackers achieving Remote Code Execution by exploiting NmApi.exe in versions released prior to 2023.1.3. Product: Progress WhatsUp Gold CVSS Score: 9.8 NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-4883 NVD References: - https://community.progress.com/s/article/WhatsUp-Gold-Security-Bulletin-June-2024 - https://www.progress.com/network-monitoring CVE-2024-4884 - Progress WhatsUp Gold is vulnerable to unauthenticated Remote Code Execution up to version 2023.1.3, allowing execution of commands with elevated privileges. Product: Progress WhatsUp Gold CVSS Score: 9.8 NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-4884 NVD References: - https://community.progress.com/s/article/WhatsUp-Gold-Security-Bulletin-June-2024 - https://www.progress.com/network-monitoring CVE-2024-4885 - Progress WhatsUpGold is vulnerable to an unauthenticated Remote Code Execution flaw in the GetFileWithoutZip function, allowing for command execution with elevated privileges. Product: Progress WhatsUp Gold CVSS Score: 9.8 NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-4885 NVD References: - https://community.progress.com/s/article/WhatsUp-Gold-Security-Bulletin-June-2024 - https://www.progress.com/network-monitoring CVE-2024-5276 - Fortra FileCatalyst Workflow is vulnerable to SQL Injection, allowing attackers to alter application data and potentially gain unauthorized access. Product: Fortra FileCatalyst Workflow CVSS Score: 9.8 NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-5276 NVD References: - https://support.fortra.com/filecatalyst/kb-articles/advisory-6-24-2024-filecatalyst-workflow-sql-injection-vulnerability-YmYwYWY4OTYtNTUzMi1lZjExLTg0MGEtNjA0NWJkMDg3MDA0 - https://www.fortra.com/security/advisory/fi-2024-008 - https://www.tenable.com/security/research/tra-2024-25 CVE-2024-28397 - js2py up to v0.74 is vulnerable to arbitrary code execution through a crafted API call in the component js2py.disable_pyimport(). Product: js2py CVSS Score: 0 NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-28397 ISC Podcast: https://isc.sans.edu/podcastdetail/9032 NVD References: - https://github.com/Marven11 - https://github.com/Marven11/CVE-2024-28397-js2py-Sandbox-Escape

Product: Progress WhatsUp Gold CVSS Score: 9.8 NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-4883 NVD References: - https://community.progress.com/s/article/WhatsUp-Gold-Security-Bulletin-June-2024 - https://www.progress.com/network-monitoring

Product: Progress WhatsUp Gold CVSS Score: 9.8 NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-4884 NVD References: - https://community.progress.com/s/article/WhatsUp-Gold-Security-Bulletin-June-2024 - https://www.progress.com/network-monitoring

Product: Progress WhatsUp Gold CVSS Score: 9.8 NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-4885 NVD References: - https://community.progress.com/s/article/WhatsUp-Gold-Security-Bulletin-June-2024 - https://www.progress.com/network-monitoring

Product: Fortra FileCatalyst Workflow CVSS Score: 9.8 NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-5276 NVD References: - https://support.fortra.com/filecatalyst/kb-articles/advisory-6-24-2024-filecatalyst-workflow-sql-injection-vulnerability-YmYwYWY4OTYtNTUzMi1lZjExLTg0MGEtNjA0NWJkMDg3MDA0 - https://www.fortra.com/security/advisory/fi-2024-008 - https://www.tenable.com/security/research/tra-2024-25

Product: js2py CVSS Score: 0 NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-28397 ISC Podcast: https://isc.sans.edu/podcastdetail/9032 NVD References: - https://github.com/Marven11 -

SEC595: Applied Data Science and AI/Machine Learning for Cybersecurity Professionals

SANS

BreachLock Inc

Microsoft

Palo Alto Networks Cortex

SEC595: Applied Data Science and AI/Machine Learning for Cybersecurity Professionals

The Consensus Security Vulnerability Alert

Share

Internet Storm Center Spotlight

Internet Storm Center Entries

Recent CVEs

CVE-2024-27815 - tvOS 17.5, visionOS 1.2, iOS 17.5, and iPadOS 17.5, watchOS 10.5, macOS Sonoma 14.5 have fixed an out-of-bounds write issue that could allow an app to execute arbitrary code with kernel privileges.

CVE-2024-37079 & CVE-2024-37080 - vCenter Server is susceptible to heap-overflow vulnerabilities in its DCERPC protocol implementation, allowing remote code execution through specially crafted network packets.

CVE-2024-5021 - The WordPress Picture / Portfolio / Media Gallery plugin is vulnerable to Server-Side Request Forgery in all versions up to 3.0.1, allowing unauthenticated attackers to make web requests to arbitrary locations.

CVE-2024-3229 - The Salon booking system plugin for WordPress allows unauthenticated attackers to upload arbitrary files and potentially achieve remote code execution.

CVE-2024-5853 - The Sirv plugin for WordPress is vulnerable to arbitrary file uploads, allowing authenticated attackers with Contributor-level access to upload files and potentially achieve remote code execution.

CVE-2023-39312 - Missing Authorization vulnerability in ThemeFusion Avada.This issue affects Avada: from n/a through 7.11.1.

CVE-2024-3605 - The WP Hotel Booking plugin for WordPress is susceptible to SQL Injection via the 'room_type' parameter of the /wphb/v1/rooms/search-rooms REST API endpoint in all versions up to 2.1.0.

CVE-2024-4742 - The Youzify plugin for WordPress is vulnerable to SQL Injection through the order_by shortcode attribute, allowing authenticated attackers with Contributor-level access and above to extract sensitive information from the database.

CVE-2024-5432 - The Lifeline Donation plugin for WordPress up to version 1.2.6 is vulnerable to authentication bypass, allowing unauthenticated attackers to impersonate any existing user on the site.

CVE-2024-4098 - The Shariff Wrapper plugin for WordPress is vulnerable to Local File Inclusion, allowing unauthenticated attackers to execute arbitrary files on the server.

CVE-2024-37899 - XWiki Platform allows users to execute malicious code in their profile when their account is disabled, impacting versions up to 16.0.0.

CVE-2024-38369 - XWiki Platform allows users to impersonate authors of included content, but this vulnerability has been patched in XWiki 15.0 RC1.

CVE-2024-5756 - The Email Subscribers by Icegram Express plugin for WordPress is vulnerable to time-based SQL Injection via the db parameter in all versions up to, and including, 5.7.23, allowing unauthenticated attackers to extract sensitive information from the database.

CVE-2024-6240 - Parallels Desktop Software is vulnerable to improper privilege management, allowing an attacker to escalate privileges by adding malicious code to a script executed on application startup.

CVE-2023-45197 - Adminer's file upload plugin vulnerability allows an attacker to upload and execute a file with a table name of ".." in the root directory.

CVE-2023-38389 - JupiterX Core versions from n/a through 3.3.8 allow unauthorized users to access restricted functionality due to an Incorrect Authorization vulnerability.

CVE-2024-6241 - Pear Admin Boot up to 2.0.2 is vulnerable to a critical SQL injection flaw in the getDictItems function of /system/dictData/getDictItems/ that can be exploited remotely, with the exploit already disclosed to the public as VDB-269375.

CVE-2020-27352 - Snapd allows for potential privilege escalation in containers managed by Docker snap and similar snaps due to a lack of Delegate=yes specification in systemd service units.

CVE-2024-5683 - Next4Biz CRM &amp; BPM Software Business Process Management (BPM) software allows remote code inclusion due to improper control of code generation, affecting versions 6.6.4.4 to 6.6.4.5.

CVE-2024-37089 - Consulting Elementor Widgets by StylemixThemes is vulnerable to PHP Local File Inclusion due to an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') issue.

CVE-2024-37091 - Consulting Elementor Widgets is vulnerable to OS Command Injection due to improper neutralization of special elements in a command, affecting versions up to 1.3.0.

CVE-2024-37109 - WishList Member X is vulnerable to Code Injection from version n/a through 3.25.1.

CVE-2024-37228 - InstaWP Connect allows Code Injection vulnerability from n/a through 0.1.0.38.

CVE-2024-38373 - FreeRTOS-Plus-TCP versions 4.0.0 through 4.1.0 are vulnerable to a buffer over-read issue in the DNS Response Parser, allowing for potential exploitation by crafted DNS responses.

CVE-2023-6198 - Baicells Snap Router BaiCE_BMI on EP3011 has a hard-coded credentials vulnerability that allows unauthorized access to the device.

CVE-2024-4196 - Avaya IP Office is vulnerable to remote code execution due to improper input validation in the Web Control component before version 11.1.3.1.

CVE-2024-4197 - Avaya IP Office is vulnerable to remote command or code execution through unrestricted file uploads in versions prior to 11.1.3.1.

CVE-2024-6297 - WordPress plugins hosted on WordPress.org have been compromised, allowing threat actors to inject malicious PHP scripts that exfiltrate database credentials and create new administrator users.

CVE-2024-6028 - The Quiz Maker plugin for WordPress is vulnerable to time-based SQL Injection via the 'ays_questions' parameter, allowing unauthenticated attackers to extract sensitive information from the database.

CVE-2024-6303 - Conduit &lt;=0.7.0 is missing authorization in its Client-Server API, allowing for privilege escalation by moving aliases to different rooms.

CVE-2024-5805 - Improper Authentication vulnerability in Progress MOVEit Gateway (SFTP modules) allows Authentication Bypass.This issue affects MOVEit Gateway: 2024.0.0.

CVE-2024-5806 - Progress MOVEit Transfer (SFTP module) versions before 2023.0.11, 2023.1.6, and 2024.0.2 are vulnerable to Authentication Bypass.

CVE-2024-4883 - Progress WhatsUp Gold is vulnerable to unauthenticated attackers achieving Remote Code Execution by exploiting NmApi.exe in versions released prior to 2023.1.3.

CVE-2024-4884 - Progress WhatsUp Gold is vulnerable to unauthenticated Remote Code Execution up to version 2023.1.3, allowing execution of commands with elevated privileges.

CVE-2024-4885 - Progress WhatsUpGold is vulnerable to an unauthenticated Remote Code Execution flaw in the GetFileWithoutZip function, allowing for command execution with elevated privileges.

CVE-2024-5276 - Fortra FileCatalyst Workflow is vulnerable to SQL Injection, allowing attackers to alter application data and potentially gain unauthorized access.

CVE-2024-28397 - js2py up to v0.74 is vulnerable to arbitrary code execution through a crafted API call in the component js2py.disable_pyimport().

CVE-2024-28397 - js2py-Sandbox-Escape

Sponsors

SANS

BreachLock Inc

Microsoft

Palo Alto Networks Cortex

CVE-2024-5683 - Next4Biz CRM & BPM Software Business Process Management (BPM) software allows remote code inclusion due to improper control of code generation, affecting versions 6.6.4.4 to 6.6.4.5.

CVE-2024-6303 - Conduit <=0.7.0 is missing authorization in its Client-Server API, allowing for privilege escalation by moving aliases to different rooms.