Internet Storm Center Spotlight



ISC provides a free analysis and warning service to thousands of Internet users and organizations, and is actively working with Internet Service Providers to fight back against the most malicious attackers. https://isc.sans.edu/about.html


Simulating Traffic With Scapy
Published: 2024-08-30.
Last Updated: 2024-08-30 00:01:35 UTC
by Jesse La Grew (Version: 1)

It can be helpful to simulate different kinds of system activity. I had an instance where I wanted to generate logs to test a log forwarding agent. This agent was processing DNS logs. There are a variety of ways that I could have decided to simulate this activity:

- Generate the raw log file using a variety of tools, including Bash, PowerShell, Python, etc.
- Generate DNS traffic using a Bash script, Python script, etc.

Since I'm always looking for another way to use Python, I decided to use a Python script to simulate the DNS traffic.


Sending Serially
To start out, I tested sending traffic to a host one request at a time, using a loop that would continue to send requests with Scapy for three minutes ...

I was able to generate about 42,000 requests, for a rate of about 236 requests per second. Not bad, but I wanted more. What other methods could I use to generate logs using Scapy to try and get a higher volume?


Sending Multiple Requests with Count

Next, I tried using Scapy with the "count" option. For this test I used 42,000 requests as a starting point and then measured the rate ...

This was able to give me about 312 requests per second, which was a nice improvement over the previous test, approximately 32% more requests.


Sending Multiple Requests with Threading

What about using threading? Could this give me more request volume if I was able to send more data with less of a delay? ...

Read the full entry:
https://isc.sans.edu/diary/Simulating+Traffic+With+Scapy/31216/


Live Patching DLLs with Python

Published: 2024-08-29.
Last Updated: 2024-08-29 07:24:07 UTC
by Xavier Mertens (Version: 1)

In my previous diary, I explained why Python became popular for attackers. One of the given reasons was that, from Python scripts, it’s possible to call any Windows API and, therefore, perform low-level activities on the system. In another script, besides a classic code injection in a remote process, I found an implementation of another good old technique: live patching of a DLL.

A typical usage of live patching is the implementation of a hook on an API. There are many ways to hook an API but a common one is called inline API hooking or « trampoline » (because we « jump » from the original function to a malicious one). In a few words, how to implement this: You modify the beginning of a function in memory so that when the function is called, it first jumps to your malicious code. After your code runs, it can pass control back to the original function, so the program behaves as if the function was called normally, but with your modifications applied. A good example of API hooking is to perform data exfiltration ...

Read the full entry:
https://isc.sans.edu/diary/Live+Patching+DLLs+with+Python/31218/

Internet Storm Center Entries


Protected OOXML Text Documents (2024.09.02)
https://isc.sans.edu/diary/Protected+OOXML+Text+Documents/31078/

Wireshark 4.4: Converting Display Filters to BPF Capture Filters (2024.09.01)
https://isc.sans.edu/diary/Wireshark+44+Converting+Display+Filters+to+BPF+Capture+Filters/31224/

Wireshark 4.4.0 is now available (2024.08.31)
https://isc.sans.edu/diary/Wireshark+440+is+now+available/31220/


Recent CVEs


The list is assembled by pulling recent vulnerabilities from NIST NVD, Microsoft, Twitter mentions of vulnerabilities, ISC Diaries and Podcast, and the CISA list of known exploited vulnerabilities. There are also some unscored, but significant, vulnerabilities at the end. This includes vulnerabilities that have not been added to the NVD yet.

CVE-2023-22527 - Atlassian Confluence Data Center and Server Template Injection Vulnerability
Product: Atlassian Confluence Data Center and Server
CVSS Score: 0
** KEV since 2024-01-24 **
NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-22527
ISC Podcast: https://isc.sans.edu/podcastdetail/9118


CVE-2024-38856 - Apache OFBiz Incorrect Authorization Vulnerability
Product: Apache OFBiz
CVSS Score: 0
** KEV since 2024-08-27 **
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-38856
ISC Podcast: https://isc.sans.edu/podcastdetail/9116


CVE-2024-39717 - The Versa Director GUI allows for uploading malicious files under the guise of image files, posing a high severity risk if exploited by authorized admin users with Provider-Data-Center privileges.
Product: Versa Networks Versa DirectorGUI
CVSS Score: 0
** KEV since 2024-08-23 **
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-39717
ISC Podcast: https://isc.sans.edu/podcastdetail/9116


CVE-2024-43044 - Jenkins versions 2.470 and earlier, including LTS 2.452.3, allow agents to access and read files from the Jenkins controller through a method in the Remoting library.
Product: Jenkins
CVSS Score: 0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-43044
ISC Podcast: https://isc.sans.edu/podcastdetail/9122


CVE-2024-4872 - Hitachi Energy MicroSCADA X SYS600 does not validate any query towards persistent data, resulting in a risk of injection attacks.
Product: Hitachi Energy MicroSCADA X SYS600
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-4872
NVD References: https://publisher.hitachienergy.com/preview?DocumentID=8DBD000160&LanguageCode=en&DocumentPartId=&Action=Launch


CVE-2024-7940 - Hitachi Energy MicroSCADA X SYS600 exposes a service that is intended for local only to all network interfaces without any authentication.
Product: Hitachi Energy MicroSCADA X SYS600
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-7940
NVD References: https://publisher.hitachienergy.com/preview?DocumentID=8DBD000160&LanguageCode=en&DocumentPartId=&Action=Launch


CVE-2024-7071 - Brain Low-Code before 2.1.0 allows SQL Injection through improper neutralization of special elements in an SQL command.
Product: Brain Low-Code
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-7071
NVD References: https://www.usom.gov.tr/bildirim/tr-24-1349


CVE-2024-6633 - FileCatalyst Workflow is vulnerable to compromise due to default credentials published in a vendor knowledgebase article, allowing for potential attacks on confidentiality, integrity, and availability.
Product: Fortra Filecatalyst Workflow
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-6633
NVD References: https://www.fortra.com/security/advisories/product-security/fi-2024-011


CVE-2024-7720 - HP Security Manager is vulnerable to Remote Code Execution due to a code vulnerability in its open-source libraries.
Product: HP Security Manager
CVSS Score: 9.8 AtRiskScore 30
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-7720
NVD References: https://support.hp.com/us-en/document/ish_11074404-11074432-16/


CVE-2024-8210 through CVE-2024-8214 - Command injection vulnerabilities in various D-Link Models
Product: Various D-Link Models
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-8210
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-8211
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-8212
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-8213
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-8214
NVD References: https://github.com/BuaaIOTTeam/Iot_Dlink_NAS/blob/main/DNS_cgi_FMT_R12R5_3rd_DiskMGR.md
NVD References: https://github.com/BuaaIOTTeam/Iot_Dlink_NAS/blob/main/DNS_cgi_FMT_Std2R1_DiskMGR.md
NVD References: https://github.com/BuaaIOTTeam/Iot_Dlink_NAS/blob/main/DNS_cgi_FMT_R12R5_2nd_DiskMGR.md
NVD References: https://github.com/BuaaIOTTeam/Iot_Dlink_NAS/blob/main/DNS_cgi_FMT_R12R5_1st_DiskMGR.md
NVD References: https://github.com/BuaaIOTTeam/Iot_Dlink_NAS/blob/main/DNS_cgi_FMT_Std2R5_2nd_DiskMGR.md
NVD References: https://supportannouncement.us.dlink.com/security/publication.aspx?name=SAP10383
NVD References: https://www.dlink.com/


CVE-2024-41622, CVE-2024-44341, & CVE-2024-44342 - D-Link DIR-846W A1 FW100A43 remote command execution vulnerabilities
Product: D-Link DIR-846W
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-41622
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-44341
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-44342
NVD References: http://www.dlink.com.cn/techsupport/ProductInfo.aspx?m=DIR-846W
NVD References: https://github.com/yali-1002/some-poc/blob/main/CVE-2024-41622
NVD References: https://github.com/yali-1002/some-poc/blob/main/CVE-2024-44341
NVD References: https://github.com/yali-1002/some-poc/blob/main/CVE-2024-44342
NVD References: https://www.dlink.com/en/security-bulletin/


CVE-2024-45623 - D-Link DAP-2310 Hardware A Firmware 1.16RC028 allows remote attackers to execute arbitrary code through a stack-based buffer overflow in the ATP binary handling PHP HTTP GET requests for Apache HTTP Server.
Product: D-Link DAP-2310
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-45623
NVD References: https://supportannouncement.us.dlink.com/security/publication.aspx?name=SAP10406


CVE-2024-8217 - SourceCodester E-Commerce Website 1.0 is vulnerable to a critical SQL injection flaw in the /Admin/registration.php file, allowing remote attackers to manipulate the argument fname and potentially execute malicious code.
Product: Donbermoy E-Commerce Website
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-8217
NVD References: https://github.com/gurudattch/CVEs/blob/main/Sourcecodester-Online-Art-Gallary-Management-System-onlinadvisory-sqli.md


CVE-2024-8218 - Online Quiz Site 1.0 has a critical vulnerability in the file index.php, allowing for remote initiation of a SQL injection attack through the loginid parameter.
Product: Fabianros Online Quiz Site
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-8218
NVD References:
- https://code-projects.org/
- https://github.com/t4rrega/cve/issues/7


CVE-2024-8219 - Responsive Hotel Site 1.0 is vulnerable to a critical SQL injection attack via the argument name/phone/email in the file index.php.
Product: Fabianros Responsive Hotel Site
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-8219
NVD References:
- https://code-projects.org/
- https://github.com/t4rrega/cve/issues/8


CVE-2024-8220 - Itsourcecode Tailoring Management System 1.0 is vulnerable to a critical SQL injection flaw in the file staffedit.php, allowing for remote attacks.
Product: Angeljudesuarez Tailoring Management System
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-8220
NVD References:
- https://github.com/dd456-dd/cve/issues/1
- https://itsourcecode.com/


CVE-2024-8221 through CVE-2024-8223 - SourceCodester Music Gallery Site 1.0 is vulnerable to critical SQL injection attacks
Product: Oretnom23 Music Gallery Site
CVSS Score: 9.8 AtRiskScore 30
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-8221
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-8222
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-8223
NVD References: https://github.com/LiuHaoBin6/cve/blob/main/sql3.md
NVD References: https://github.com/LiuHaoBin6/cve/blob/main/sql4.md
NVD References: https://github.com/LiuHaoBin6/cve/blob/main/sql.md
NVD References: https://www.sourcecodester.com/


CVE-2024-8224 & CVE-2024-8225 - Tenda G3 15.11.0.20 is vulnerable to critical stack-based buffer overflows
Product: Tenda G3
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-8224
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-8225
NVD References: https://github.com/abcdefg-png/AHU-IoT-vulnerable/blob/main/Tenda/G3V3.0/formSetDebugCfg.md
NVD References: https://github.com/abcdefg-png/AHU-IoT-vulnerable/blob/main/Tenda/G3V3.0/formSetSysTime.md


CVE-2024-8226 - Tenda O1 1.0.0.7(10648) is vulnerable to a critical stack-based buffer overflow via remote attack on the function formSetCfm.
Product: Tenda O1
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-8226
NVD References: https://github.com/abcdefg-png/AHU-IoT-vulnerable/blob/main/Tenda/web-bridge/O1V1.1/formSetCfm.md
NVD References: https://www.tenda.com.cn/


CVE-2024-8227 - Tenda O1 1.0.0.7(10648) is vulnerable to a critical stack-based buffer overflow in the function fromDhcpSetSer of the file /goform/DhcpSetSer, allowing for remote attacks.
Product: Tenda O1
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-8227
NVD References: https://github.com/abcdefg-png/AHU-IoT-vulnerable/blob/main/Tenda/web-bridge/O1V1.1/fromDhcpSetSer.md
NVD References: https://www.tenda.com.cn/


CVE-2024-8228 - Tenda O5 1.0.0.8(5017) is vulnerable to a critical stack-based buffer overflow in /goform/setMacFilterList, allowing for remote attacks and public disclosure before the vendor responded.
Product: Tenda O5
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-8228
NVD References: https://github.com/abcdefg-png/AHU-IoT-vulnerable/blob/main/Tenda/web-bridge/O5V1.0/fromSafeSetMacFilter.md
NVD References: https://www.tenda.com.cn/


CVE-2024-8229 - Tenda O6 1.0.0.7(2054) is susceptible to a critical remote stack-based buffer overflow vulnerability through the frommacFilterModify function of /goform/operateMacFilter, with the vendor failing to respond to the disclosure.
Product: Tenda O6
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-8229
NVD References: https://github.com/abcdefg-png/AHU-IoT-vulnerable/blob/main/Tenda/web-bridge/O6V3.0/fromMacFilterModify.md
NVD References: https://www.tenda.com.cn/


CVE-2024-8230 - Tenda O6 1.0.0.7(2054) is susceptible to a critical stack-based buffer overflow via remote attack through the function fromSafeSetMacFilter in /goform/setMacFilterList.
Product: Tenda O6
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-8230
NVD References: https://github.com/abcdefg-png/AHU-IoT-vulnerable/blob/main/Tenda/web-bridge/O6V3.0/fromSafeSetMacFilter.md
NVD References: https://www.tenda.com.cn/


CVE-2024-8030 - The Ultimate Store Kit Elementor Addons, Woocommerce Builder, EDD Builder, Elementor Store Builder, Product Grid, Product Table, Woocommerce Slider plugin is vulnerable to PHP Object Injection via deserialization of untrusted input via the _ultimate_store_kit_wishlist cookie.
Product: The Ultimate Store Kit Elementor Addons Woocommerce Builder
Active Installations:
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-8030
NVD References:
- https://plugins.trac.wordpress.org/changeset/3141022/ultimate-store-kit/trunk/includes/helper.php
- https://www.wordfence.com/threat-intel/vulnerabilities/id/ef566dca-91ed-4929-b36b-4e424e07e1d4?source=cve


CVE-2024-34198 - TOTOLINK AC1200 Wireless Router A3002RU V2.1.1-B20230720.1011 is vulnerable to Buffer Overflow due to inadequate input length validation, allowing attackers to execute arbitrary commands or launch denial-of-service attacks.
Product: TOTOLINK AC1200 Wireless Router A3002RU
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-34198
NVD References: https://gist.github.com/Swind1er/02f6cb414e440c34878f20fef756e286


CVE-2024-34195 - TOTOLINK AC1200 Wireless Router A3002R Firmware V1.1.1-B20200824 is vulnerable to Buffer Overflow due to a lack of length restriction on the wlan_ssid field in the boa server program's CGI handling function formWlEncrypt, potentially allowing for arbitrary command execution or denial of service attacks.
Product: TOTOLINK AC1200 Wireless Router A3002R Firmware V1.1.1-B20200824
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-34195
NVD References: https://gist.github.com/Swind1er/84161b607d06d060fba5adcdd92bceb4


CVE-2024-42905 - Beijing Digital China Cloud Technology Co., Ltd. DCME-320 v.7.4.12.60 is susceptible to a command execution vulnerability allowing attackers to gain device administrator privileges through the getVar function in ping.php.
Product: Beijing Digital China Cloud Technology Co. Ltd., DCME-320
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-42905
NVD References:
- https://github.com/ZackSecurity/VulnerReport/blob/cve/DCN/1.md
- https://immense-mirror-b42.notion.site/Beijing-Digital-China-Yunke-Information-Technology-Co-Ltd-DCN-firewall-has-a-command-execution-vuln-31bdd1228f6d47c09e854af5f0e7059f


CVE-2024-44761 - An issue in EQ Enterprise Management System before v2.0.0 allows attackers to execute a directory traversal via crafted requests.
Product: Gzequan Eq Enterprise Management System
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-44761
NVD References: https://github.com/WarmBrew/web_vul/blob/main/EQ/EQEMS.md


CVE-2024-45233 - Powermail extension through 12.3.5 for TYPO3 has a Broken Access Control vulnerability allowing unauthenticated attackers to manipulate form data.
Product: In2Code Powermail
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-45233
NVD References: https://typo3.org/security/advisory/typo3-ext-sa-2024-006


CVE-2024-45435 - Chartist 1.x through 1.3.0 allows Prototype Pollution via the extend function.
Product: Chartist
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-45435
NVD References:
- https://gist.github.com/tariqhawis/c67177164d3b7975210caddb25b60d62
- https://github.com/chartist-js/chartist/issues/1427


CVE-2024-7857 - The Media Library Folders plugin for WordPress is vulnerable to second order SQL Injection through the 'sort_type' parameter, allowing authenticated attackers to access sensitive information.
Product: WordPress Media Library Folders plugin
Active Installations: 10,000+
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-7857
NVD References: https://www.wordfence.com/threat-intel/vulnerabilities/id/d2266254-9281-4859-8630-f7bb5c0ead19?source=cve


CVE-2024-29723 through CVE-2024-29731 - SportsNET version 4.0.1 is vulnerable to SQL injection attacks
Product: SportsNET
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-29723
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-29724
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-29725
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-29726
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-29727
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-29728
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-29729
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-29730
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-29731
NVD References: https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-sportsnet


CVE-2024-4428 - Menulux Information Technologies Management Portal allows unauthorized users to collect data provided by users until 21.05.2024.
Product: Menulux Management Portal
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-4428
NVD References: https://www.usom.gov.tr/bildirim/tr-24-1356


CVE-2024-7856 - The MP3 Audio Player plugin for WordPress allows authenticated attackers to delete arbitrary files and potentially achieve remote code execution.
Product: Sonaar MP3 Audio Player
Active Installations: 20,000+
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-7856
NVD References: https://www.wordfence.com/threat-intel/vulnerabilities/id/43adc9dd-1780-440f-90c2-ff05a22eb084?source=cve


CVE-2024-8294, CVE-2024-8295, CVE-2024-8296 - FeehiCMS up to 2.1.1 unrestricted file upload vulnerabilities
Product: FeehiCMS
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-8294
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-8295
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-8296
NVD References: https://gitee.com/A0kooo/cve_article/blob/master/feehi_cms/Fichkems%20Friendley-Link%20file%20upload%20vulnerability.md
NVD References: https://gitee.com/A0kooo/cve_article/blob/master/feehi_cms/file_upload2/Fichkems%20banner%20file%20upload%20vulnerability.md
NVD References: https://gitee.com/A0kooo/cve_article/blob/master/feehi_cms/file_upload3/Fichkems%20user%20file%20upload%20vulnerability.md


CVE-2024-8301 - Dingfanzu CMS up to version 29d67d9044f6f93378e6eb6ff92272217ff7225c is vulnerable to SQL injection via the argument username in the file /ajax/checkin.php, allowing for remote attacks with public exploit availability and no vendor response.
Product: Dingfanzu CMS
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-8301
NVD References: https://github.com/Xor-Gerke/webray.com.cn/blob/main/cve/dingfanzu-CMS/dingfanzu-CMS%20checkin.php%20username%20SQL-inject.md


CVE-2024-5057 - Easy Digital Downloads is vulnerable to SQL Injection due to improper handling of special elements in SQL commands, impacting versions from n/a through 3.2.12.
Product: Easy Digital Downloads
Active Installations: 50,000+
CVSS Score: 9.3
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-5057
NVD References: https://patchstack.com/database/vulnerability/easy-digital-downloads/wordpress-easy-digital-downloads-plugin-3-2-12-sql-injection-vulnerability?_s_id=cve


CVE-2024-38795 - ListingPro is vulnerable to SQL Injection from n/a through version 2.9.4 due to improper neutralization of special elements in an SQL command.
Product: Cridio ListingPro
Active Installations: unknown
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-38795
NVD References: https://patchstack.com/database/vulnerability/listingpro-plugin/wordpress-listingpro-plugin-2-9-3-unauthenticated-sql-injection-vulnerability?_s_id=cve


CVE-2024-39622 - CridioStudio ListingPro versions n/a through 2.9.4 are susceptible to SQL Injection, allowing attackers to execute malicious commands.
Product: Cridio ListingPro
Active Installations: unknown
CVSS Score: 9.8 AtRiskScore 30
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-39622
NVD References: https://patchstack.com/database/vulnerability/listingpro/wordpress-listingpro-theme-2-9-3-unauthenticated-sql-injection-vulnerability?_s_id=cve


CVE-2024-39653 - VikRentCar versions n/a through 1.4.0 are vulnerable to SQL Injection due to improper neutralization of special elements in SQL commands.
Product: VikRentCar
Active Installations: 4,000+
CVSS Score: 9.3
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-39653
NVD References: https://patchstack.com/database/vulnerability/vikrentcar/wordpress-vikrentcar-car-rental-management-system-plugin-1-4-0-sql-injection-vulnerability?_s_id=cve


CVE-2024-43132 - WPWeb Elite Docket (WooCommerce Collections / Wishlist / Watchlist) is vulnerable to SQL Injection due to improper neutralization of special elements in SQL commands.
Product: WPWeb Docket (WooCommerce Collections / Wishlist / Watchlist)
Active Installations: unknown
CVSS Score: 9.3
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-43132
NVD References: https://patchstack.com/database/vulnerability/woocommerce-collections/wordpress-docket-woocommerce-collections-wishlist-watchlist-plugin-1-6-6-unauthenticated-sql-injection-vulnerability?_s_id=cve


CVE-2024-43144 - Cost Calculator Builder allows SQL Injection due to improper neutralization of special elements in an SQL Command, affecting versions from n/a through 3.2.15.
Product: StylemixThemes Cost Calculator Builder
Active Installations: 30,000+
CVSS Score: 9.3
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-43144
NVD References: https://patchstack.com/database/vulnerability/cost-calculator-builder/wordpress-cost-calculator-builder-plugin-3-2-15-sql-injection-vulnerability?_s_id=cve


CVE-2024-43917 - TI WooCommerce Wishlist plugin is vulnerable to SQL Injection from versions n/a through 2.8.2.
Product: TemplateInvaders TI WooCommerce Wishlist
Active Installations: 100,000+
CVSS Score: 9.3
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-43917
NVD References: https://patchstack.com/database/vulnerability/ti-woocommerce-wishlist/wordpress-ti-woocommerce-wishlist-plugin-2-8-2-sql-injection-vulnerability?_s_id=cve


CVE-2024-43918 - WBW Product Table PRO version n/a through 1.9.4 is susceptible to SQL Injection due to Improper Neutralization of Special Elements in SQL Commands.
Product: WBW Product Table PRO
Active Installations: 2,000+
CVSS Score: 10.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-43918
NVD References: https://patchstack.com/database/vulnerability/woo-producttables-pro/wordpress-wbw-product-table-pro-plugin-1-9-4-unauthenticated-arbitrary-sql-query-execution-vulnerability?_s_id=cve


CVE-2024-43931 - Deserialization of Untrusted Data vulnerability in eyecix JobSearch allows Object Injection. This issue affects JobSearch: from n/a through 2.5.3.
Product: eyecix JobSearch
Active Installations: unknown
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-43931
NVD References: https://patchstack.com/database/vulnerability/wp-jobsearch/wordpress-jobsearch-wp-job-board-wordpress-plugin-plugin-2-5-3-php-object-injection-vulnerability?_s_id=cve


CVE-2024-43941 - Propovoice Pro is vulnerable to SQL Injection from version n/a through 1.7.0.3.
Product: Propovoice Pro
Active Installations: 1,000+
CVSS Score: 9.3
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-43941
NVD References: https://patchstack.com/database/vulnerability/propovoice-pro/wordpress-propovoice-pro-plugin-1-7-0-3-unauthenticated-sql-injection-vulnerability?_s_id=cve


CVE-2024-44777, CVE-2024-44778, CVE-2024-44779 - vTiger CRM 7.4.0 reflected cross-site scripting (XSS) vulnerabilities
Product: vTiger CRM
CVSS Score: 9.6
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-44777
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-44778
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-44779
NVD References: http://vtiger.com
NVD References: https://packetstormsecurity.com/files/180462/vTiger-CRM-7.4.0-Cross-Site-Scripting.html


CVE-2024-41361, CVE-2024-41364, CVE-2024-41366 through CVE-2024-41369 - RPi-Jukebox-RFID v2.7.0 was discovered to contain remote code execution (RCE) vulnerabilities
Product: RPi-Jukebox-RFID v2.7.0
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-41361
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-41364
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-41366
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-41367
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-41368
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-41369
NVD References: https://github.com/MiczFlor/RPi-Jukebox-RFID/issues/2398
NVD References: https://github.com/MiczFlor/RPi-Jukebox-RFID/issues/2400
NVD References: https://github.com/MiczFlor/RPi-Jukebox-RFID/issues/2399
NVD References: https://github.com/MiczFlor/RPi-Jukebox-RFID/issues/2397
NVD References: https://github.com/MiczFlor/RPi-Jukebox-RFID/issues/2396
NVD References: https://github.com/MiczFlor/RPi-Jukebox-RFID/issues/2401


CVE-2024-41370 & CVE-2024-41372 - Organizr v1.90 was discovered to contain SQL injection vulnerabilities
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-41370
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-41372
NVD References: https://github.com/causefx/Organizr
NVD References: https://github.com/causefx/Organizr/issues/1998
NVD References: https://github.com/causefx/Organizr/issues/1999


CVE-2024-6670 & CVE-2024-6671 - WhatsUp Gold versions released before 2024.0.0 are vulnerable to SQL Injection
Product: WhatsUp Gold
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-6670
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-6671
NVD References: https://community.progress.com/s/article/WhatsUp-Gold-Security-Bulletin-August-2024
NVD References: https://www.progress.com/network-monitoring


CVE-2024-45488 - One Identity Safeguard for Privileged Passwords before 7.5.2 allows unauthorized access due to a cookie-related issue in virtual appliance installations.
Product: One Identity Safeguard for Privileged Passwords
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-45488
NVD References:
- https://support.oneidentity.com/kb/4376740/safeguard-for-privileged-passwords-security-vulnerability-notification-defect-460620
- https://support.oneidentity.com/product-notification/noti-00001628


CVE-2024-45490 - An issue was discovered in libexpat before 2.6.3. xmlparse.c does not reject a negative length for XML_ParseBuffer.
Product: libexpat
Product name: xmlparse
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-45490
NVD References:
- https://github.com/libexpat/libexpat/issues/887
- https://github.com/libexpat/libexpat/pull/890


CVE-2024-3673 - The Web Directory Free WordPress plugin before 1.7.3 is vulnerable to Local File Inclusion due to lack of parameter validation in include() functions.
Product: The Web Directory Free WordPress plugin
Active Installations: 600+
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-3673
NVD References: https://wpscan.com/vulnerability/0e8930cb-e176-4406-a43f-a6032471debf/


CVE-2024-8331 - OpenRapid RapidCMS up to 1.3.1 is vulnerable to critical SQL injection through username manipulation in /admin/user/user-move-run.php, allowing for remote attacks.
Product: OpenRapid RapidCMS
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-8331
NVD References: https://gitee.com/A0kooo/cve_article/blob/master/RapidCMS/SQL%20injection1/rapidcms%20user-move-run.php%20SQL%20injection.md


CVE-2024-8332 - Master-nan Sweet-CMS up to 5f441e022b8876f07cde709c77b5be6d2f262e3f is vulnerable to a critical SQL injection in /table/index.
Product: Master-Nan Sweet-CMS
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-8332
NVD References:
- https://github.com/master-nan/sweet-cms/commit/146359646a5a90cb09156dbd0013b7df77f2aa6c
- https://github.com/master-nan/sweet-cms/issues/1
- https://github.com/master-nan/sweet-cms/issues/2


CVE-2024-45508 - HTMLDOC before 1.9.19 is vulnerable to out-of-bounds write in parse_paragraph in ps-pdf.cxx due to stripping leading whitespace from a whitespace-only node.
Product: HTMLDOC
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-45508
NVD References:
- https://github.com/michaelrsweet/htmldoc/blob/2d5b2ab9ddbf2aee2209010cebc11efdd1cab6e2/CHANGES.md
- https://github.com/michaelrsweet/htmldoc/commit/2d5b2ab9ddbf2aee2209010cebc11efdd1cab6e2
- https://github.com/michaelrsweet/htmldoc/issues/528


CVE-2024-45509 - MISP allows unauthorized access to bookmarks data for non-org admin users in BookmarksController.php up to version 2.4.196.
Product: MISP
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-45509
NVD References: https://github.com/MISP/MISP/commit/3f3b9a574f349182a545636e12efa39267e9db04


CVE-2024-45522 - Apps/web/pages/api/forgot-password/index.ts in Linen fails to verify domain when resetting password, allowing for potential phishing attacks.
Product: Linen
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-45522
NVD References: https://github.com/Linen-dev/linen.dev/commit/cd37c3e88ec29f4e7baae7e32fe80d0137848d10


CVE-2024-45622 - ASIS (aka Aplikasi Sistem Sekolah using CodeIgniter 3) 3.0.0 through 3.2.0 allows index.php username SQL injection for Authentication Bypass.
Product: ASIS Aplikasi Sistem Sekolah
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-45622
NVD References: https://github.com/atoz-chevara/cve/blob/main/2024/ASIS_AplikasiSistemSekolah_Using_CodeIgniter3-SQL_Injection_Authentication_Bypass.md


CVE-2024-7261 - Zyxel NWA1123ACv3, WAC500, WAX655E, WBE530, and USG LITE 60AX firmware versions 6.70(ABVT.4), 6.70(ABVS.4), 7.00(ACDO.1), 7.00(ACLE.1), and V2.00(ACIP.2) improperly neutralize special elements in the parameter "host" in CGI programs, potentially allowing OS command execution via a crafted cookie from an unauthenticated attacker.
Product: Zyxel NWA1123ACv3
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-7261
NVD References: https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-os-command-injection-vulnerability-in-aps-and-security-router-devices-09-03-2024


CVE-2024-38811 - VMware Fusion is vulnerable to code execution by malicious actors using an insecure environment variable.
Product: VMware Fusion
CVSS Score: 8.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-38811
ISC Podcast: https://isc.sans.edu/podcastdetail/9124
NVD References: https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24939


CVE-2024-44921 - SeaCMS v12.9 was discovered to contain a SQL injection vulnerability via the id parameter at /dmplayer/dmku/index.php?ac=del.
Product: SeaCMS v12.9
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-44921
NVD References: https://github.com/nn0nkey/nn0nkey/blob/main/CVE-2024-44921.md


CVE-2024-8381 - Firefox is vulnerable to type confusion when using an object as the `with` environment, affecting versions Firefox < 130, Firefox ESR < 128.2, and Firefox ESR < 115.15.
Product: Mozilla Firefox
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-8381
NVD References:
- https://bugzilla.mozilla.org/show_bug.cgi?id=1912715
- https://www.mozilla.org/security/advisories/mfsa2024-39/
- https://www.mozilla.org/security/advisories/mfsa2024-40/
- https://www.mozilla.org/security/advisories/mfsa2024-41/


CVE-2024-8384 - Firefox was vulnerable to memory corruption due to mis-colored cross-compartment objects during garbage collection, impacting versions < 130, < 128.2, and < 115.15.
Product: Mozilla Firefox
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-8384
NVD References:
- https://bugzilla.mozilla.org/show_bug.cgi?id=1911288
- https://www.mozilla.org/security/advisories/mfsa2024-39/
- https://www.mozilla.org/security/advisories/mfsa2024-40/
- https://www.mozilla.org/security/advisories/mfsa2024-41/


CVE-2024-8385 - Firefox is vulnerable to a type confusion bug in handling StructFields and ArrayTypes in WASM, impacting versions below 130 for Firefox and below 128.2 for Firefox ESR.
Product: Mozilla Firefox
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-8385
NVD References:
- https://bugzilla.mozilla.org/show_bug.cgi?id=1911909
- https://www.mozilla.org/security/advisories/mfsa2024-39/
- https://www.mozilla.org/security/advisories/mfsa2024-40/


CVE-2024-8387 - Firefox and Thunderbird versions prior to 130 are vulnerable to memory safety bugs that could potentially be exploited to run arbitrary code.
Product: Mozilla Firefox and Thunderbird
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-8387
NVD References:
- https://bugzilla.mozilla.org/buglist.cgi?bug_id=1857607%2C1911858%2C1914009
- https://www.mozilla.org/security/advisories/mfsa2024-39/
- https://www.mozilla.org/security/advisories/mfsa2024-40/


CVE-2024-8389 - Firefox 129 is susceptible to memory safety bugs that could lead to memory corruption and potentially allow for the execution of arbitrary code.
Product: Mozilla Firefox
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-8389
NVD References:
- https://bugzilla.mozilla.org/buglist.cgi?bug_id=1907230%2C1909367
- https://www.mozilla.org/security/advisories/mfsa2024-39/


CVE-2024-41433 - PingCAP TiDB v8.1.0 is vulnerable to a buffer overflow in the component expression.ExplainExpressionList, enabling attackers to trigger a DoS with specially-crafted input.
Product: PingCAP TiDB
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-41433
NVD References:
- https://gist.github.com/ycybfhb/eec3a1eefe4c85eb22f1bca6114359a1
- https://github.com/pingcap/tidb/issues/53796


CVE-2024-7950 - The WP Job Portal plugin for WordPress is vulnerable to Local File Inclusion, Arbitrary Settings Update, and User Creation, allowing unauthenticated attackers to execute arbitrary code and create user accounts with Administrator privileges.
Product: WP Job Portal
Active Installations: 6,000+
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-7950
NVD References: https://www.wordfence.com/threat-intel/vulnerabilities/id/ca1d5275-3398-47a7-889b-4050ebe635ee?source=cve


CVE-2023-41993 - Apple Multiple Products WebKit Code Execution Vulnerability
Product: Netapp Oncommand_Workflow_Automation
CVSS Score: 0
** KEV since 2023-09-25 **
NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-41993


CVE-2023-7028 - GitLab Community and Enterprise Editions Improper Access Control Vulnerability
Product: GitLab
CVSS Score: 0
** KEV since 2024-05-01 **
NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-7028


CVE-2024-7965 - Google Chromium V8 Inappropriate Implementation Vulnerability
Product: Google Chrome
CVSS Score: 0
AtRiskScore: 30
** KEV since 2024-08-28 **
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-7965


CVE-2021-20123 & CVE-2021-20124 - Draytek VigorConnect 1.6.0-B3 is vulnerable to local file inclusion
Product: Draytek VigorConnect 1.6.0
CVSS Score: 0
** KEV since 2024-09-03 **
NVD: https://nvd.nist.gov/vuln/detail/CVE-2021-20123
NVD: https://nvd.nist.gov/vuln/detail/CVE-2021-20124


The following vulnerability needs a manual review:

CVE-2024-43425 - Moodle Calculated Questions Remote Code Execution Vulnerability
Product: Moodle
References:
- https://moodle.org/mod/forum/discuss.php?d=461193
- https://github.com/RedTeamPentesting/moodle-rce-calculatedquestions
- https://censys.com/cve-2024-43425/
- https://security.snyk.io/vuln/SNYK-PHP-MOODLEMOODLE-7836060