Internet Storm Center Spotlight


INTERNET STORM CENTER SPOTLIGHT

ISC provides a free analysis and warning service to thousands of Internet users and organizations, and is actively working with Internet Service Providers to fight back against the most malicious attackers. https://isc.sans.edu/about.html

[Guest Diary] Insights from August Web Traffic Surge

Published: 2024-11-06.

Last Updated: 2024-11-06 04:32:30 UTC

by Trevor Coleman, SANS.edu BACS Student (Version: 1)

[This is a Guest Diary by Trevor Coleman, an ISC intern as part of the SANS.edu Bachelor's Degree in Applied Cybersecurity (BACS) program.]

The month of August brought with it a notable surge in web traffic log activities, catching my attention. As I delved into investigating the underlying causes of this spike, I uncovered some concerning findings that shed light on the potential risks organizations face in today's digital landscape.

The web honeypot log traffic, as parsed in the DShield-SIEM dashboard, gave a clear picture of the increase in activity. With over 62,000,000 activity logs originating from a single IP source, compared with 757,000 from the second most active source, it was evident that something was amiss. The most observed activity was directed at destination ports 5555, 7547, and 9000, indicating a targeted effort to exploit vulnerabilities in web applications. Ports 5555 and 9000 are commonly used in malware attacks for known vulnerabilities on webservers ...

Analysis of the HTTP requests to the web honeypot revealed that the attacker exploited various known vulnerabilities. Out of the total requests, 57,243,299 (92%) were GET requests and 4,960,056 (8%) were POST requests, while there were significantly fewer PUT (18,466) and DELETE (4,150) requests. Figure 5 shows the top 5 HTTP request methods, with the corresponding logs and the count of each attempt. Note that only 2 different PATCH request types were present ...

Read the full entry:

https://isc.sans.edu/diary/Guest+Diary+Insights+from+August+Web+Traffic+Surge/31408/

Scans for RDP Gateways

Published: 2024-10-30.

Last Updated: 2024-10-30 23:08:30 UTC

by Johannes Ullrich (Version: 1)

RDP is one of the most prominent entry points into networks. Ransomware actors have taken down many large networks after initially entering via RDP. Credentials for RDP access are often traded by "initial access brokers".

I noticed today an uptick in scans for "/RDWeb/Pages/en-US/login<.>aspx". This is often used to expose RDP gateways, and there are even well-known Google dorks that assist in finding these endpoints. The scans I observed today are spread between several hundred IP addresses, none of which "sticks out" as more frequent than others. This could indicate a large botnet being used to scan for this endpoint.

There are three variations of this URL being used, all with the same effect of detecting the presence of an RDP gateway ...
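The two diaries above both reduce to the same defender's task: take the web honeypot's per-request records, see which source, port and method dominate, and check whether a given endpoint is being probed by one noisy host or by a flat spread of many hosts. The script below is an added example, not code from either diary or from the DShield-SIEM project. It assumes a JSON-per-line log with `sip`, `dport`, `method` and `url` fields (field names are an assumption), the sample records are constructed, and the RD Web indicator (any request into the `/RDWeb/` tree, after percent-decoding and case-folding) is my own generalisation of the single path quoted in the diary, not the three variations it refers to.

```python
"""Summarise web honeypot traffic by source, port and HTTP method, and report
the source spread of probes for the RD Web login endpoint.

Added example for the two ISC diary excerpts above; log format, field names
and sample records are assumed/constructed, not taken from the diaries."""
import json
from collections import Counter
from urllib.parse import unquote

# Constructed sample of JSON-per-line honeypot records (field names assumed).
# The last line is deliberately malformed to exercise the parser's error path.
SAMPLE_LOG = """\
{"time":"2024-08-14T01:02:03","sip":"203.0.113.10","dport":5555,"method":"GET","url":"/"}
{"time":"2024-08-14T01:02:04","sip":"203.0.113.10","dport":7547,"method":"GET","url":"/"}
{"time":"2024-08-14T01:02:05","sip":"203.0.113.10","dport":9000,"method":"POST","url":"/cgi-bin/test"}
{"time":"2024-08-14T01:02:06","sip":"203.0.113.10","dport":5555,"method":"GET","url":"/index.html"}
{"time":"2024-08-14T01:02:07","sip":"198.51.100.7","dport":80,"method":"PUT","url":"/upload"}
{"time":"2024-10-30T09:00:00","sip":"198.51.100.8","dport":443,"method":"GET","url":"/RDWeb/Pages/en-US/login.aspx"}
{"time":"2024-10-30T09:00:01","sip":"198.51.100.9","dport":443,"method":"GET","url":"/rdweb/pages/en-us/login.aspx"}
{"time":"2024-10-30T09:00:02","sip":"198.51.100.10","dport":80,"method":"GET","url":"/RDWeb/Pages/en-US/login%2Easpx"}
{"time":"2024-10-30T09:00:03","sip":"198.51.100.8","dport":443,"method":"GET","url":"/RDWeb/Pages/en-US/login.aspx"}
{"time":"2024-10-30T09:00:04","sip":"192.0.2.5","dport":80,"method":"DELETE","url":"/tmp"}
not json at all
"""


def parse_records(text):
    """Parse JSON-per-line records. Malformed lines are counted, not fatal,
    because a honeypot log is attacker-controlled input and will contain junk."""
    records, bad = [], 0
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            bad += 1
            continue
        if not isinstance(rec, dict) or "sip" not in rec:
            bad += 1
            continue
        records.append(rec)
    return records, bad


def summarize(records, top_n=5):
    """Counts by source IP, destination port and HTTP method, plus the share
    of each method in percent (the breakdown the August diary reports)."""
    by_sip = Counter(r["sip"] for r in records)
    by_dport = Counter(r.get("dport") for r in records)
    by_method = Counter(str(r.get("method", "")).upper() for r in records)
    total = sum(by_method.values()) or 1
    share = {m: round(100 * n / total) for m, n in by_method.items()}
    return {
        "top_sources": by_sip.most_common(top_n),
        "top_ports": by_dport.most_common(top_n),
        "methods": by_method.most_common(top_n),
        "method_share_pct": share,
    }


def normalize_path(url):
    """Percent-decode, drop the query string, lowercase and collapse repeated
    slashes, so trivially obfuscated variants of one path compare equal."""
    path = unquote(url or "").split("?", 1)[0].lower()
    while "//" in path:
        path = path.replace("//", "/")
    return path


def is_rdweb_probe(url):
    """Assumed indicator: any request into the /RDWeb/ tree. On a honeypot
    (or any host without an RD Gateway) every such request is reconnaissance."""
    return normalize_path(url).startswith("/rdweb/")


def rdweb_probe_report(records):
    """Volume and source spread of RD Web probes. A low top_source_share over
    many distinct sources is the flat, botnet-like pattern the RDP diary describes."""
    hits = [r for r in records if is_rdweb_probe(r.get("url"))]
    sources = Counter(r["sip"] for r in hits)
    top_share = (sources.most_common(1)[0][1] / len(hits)) if hits else 0.0
    return {
        "requests": len(hits),
        "distinct_sources": len(sources),
        "top_source_share": round(top_share, 2),
        "paths_seen": sorted({r["url"] for r in hits}),
    }


if __name__ == "__main__":
    recs, skipped = parse_records(SAMPLE_LOG)
    print(f"parsed {len(recs)} records, skipped {skipped} malformed line(s)")
    for key, value in summarize(recs).items():
        print(f"{key}: {value}")
    print("rdweb probes:", rdweb_probe_report(recs))
```

On real data the interesting thresholds are relative, not absolute: a single source carrying the bulk of all requests (the August pattern) and a probe spread thinly across hundreds of sources (the October pattern) are opposite shapes, and both are worth alerting on, so compare `top_source_share` against the number of distinct sources rather than against a fixed count.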

Read the full entry:

https://isc.sans.edu/diary/Scans+for+RDP+Gateways/31398/

Internet Storm Center Entries


Python RAT with a Nice Screensharing Feature (2024.11.05)

https://isc.sans.edu/diary/Python+RAT+with+a+Nice+Screensharing+Feature/31414/

Analyzing an Encrypted Phishing PDF (2024.11.04)

https://isc.sans.edu/diary/Analyzing+an+Encrypted+Phishing+PDF/31404/

qpdf: Extracting PDF Streams (2024.11.02)

https://isc.sans.edu/diary/qpdf+Extracting+PDF+Streams/31406/

October 2024 Activity with Username chenzilong (2024.10.31)

https://isc.sans.edu/diary/October+2024+Activity+with+Username+chenzilong/31400/

Recent CVEs


The list is assembled by pulling recent vulnerabilities from NIST NVD, Microsoft, Twitter mentions of vulnerabilities, ISC Diaries and Podcast, and the CISA list of known exploited vulnerabilities. There are also some unscored, but significant, vulnerabilities at the end. This includes vulnerabilities that have not been added to the NVD yet.

CVE-2024-9191 - The Okta Device Access feature allows attackers on compromised devices to retrieve passwords from Desktop MFA passwordless logins.

Product: Okta Verify

CVSS Score: 7.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-9191

ISC Podcast: https://isc.sans.edu/podcast/9208

NVD References:

- https://help.okta.com/oie/en-us/content/topics/releasenotes/oie-ov-release-notes.htm#panel4

- https://trust.okta.com/security-advisories/

CVE-2024-48878 - Zohocorp ManageEngine ADManager Plus versions 7241 and prior are vulnerable to SQL Injection in Archived Audit Report.

Product: Zohocorp ManageEngine ADManager Plus

CVSS Score: 8.8

ISC Podcast: https://isc.sans.edu/podcast/9208

NVD References: https://www.manageengine.com/products/ad-manager/admanager-kb/cve-2024-48878.html

CVE-2024-38030 - Windows Themes Spoofing Vulnerability

Product: Microsoft Windows Server 2022

CVSS Score: 0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-38030

ISC Podcast: https://isc.sans.edu/podcast/9204

CVE-2024-38821 - Spring WebFlux applications with Spring Security authorization rules on static resources can be bypassed when certain conditions are met.

Product: Spring WebFlux

CVSS Score: 0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-38821

ISC Podcast: https://isc.sans.edu/podcast/9202

CVE-2024-45656 - IBM Flexible Service Processor (FSP) has static credentials that can be exploited by network users to gain unauthorized service privileges.

Product: IBM Flexible Service Processor (FSP)

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-45656

NVD References: https://www.ibm.com/support/pages/node/7174183

CVE-2024-5823 - Gaizhenbiao/chuanhuchatgpt versions <= 20240410 are susceptible to a file overwrite vulnerability, enabling unauthorized access to critical configuration files and potentially causing a denial of service.

Product: Gaizhenbiao Chuanhuchatgpt

CVSS Score: 9.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-5823

NVD References:

- https://github.com/gaizhenbiao/chuanhuchatgpt/commit/720c23d755a4a955dcb0a54e8c200a2247a27f8b

- https://huntr.com/bounties/ca361701-7d68-4df6-8da0-caad4b85b9ae

CVE-2024-5982 - Gaizhenbiao/chuanhuchatgpt has a path traversal vulnerability due to unsanitized input handling in user upload, directory creation, and template loading features, enabling remote code execution, directory creation, and CSV file content leakage.

Product: Gaizhenbiao Chuanhuchatgpt

CVSS Score: 9.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-5982

NVD References:

- https://github.com/gaizhenbiao/chuanhuchatgpt/commit/952fc8c3cbacead858311747cddd4bedcb4721d7

- https://huntr.com/bounties/5d5c5356-e893-44d1-b5ca-642aa05d96bb

CVE-2024-6581 - Lollms application version v9.9 allows for the uploading of SVG files, posing a risk of cross-site scripting (XSS) vulnerabilities and remote code execution due to incomplete filtering.

Product: Lollms Lord Of Large Language Models

CVSS Score: 9.0 AtRiskScore 30

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-6581

NVD References:

- https://github.com/parisneo/lollms/commit/328b960a0de2097e13654ac752253e9541521ddd

- https://huntr.com/bounties/ad68ecd6-44e2-449b-8e7e-f2b71b1b43c7

CVE-2024-7042 - The GraphCypherQAChain class in langchain-ai/langchainjs versions 0.2.5 and all versions allows for SQL injection, unauthorized data manipulation, data exfiltration, DoS attacks, breaches in multi-tenant security, and data integrity compromises.

Product: Langchain

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-7042

NVD References:

- https://github.com/langchain-ai/langchainjs/commit/615b9d9ab30a2d23a2f95fb8d7acfdf4b41ad7a6

- https://huntr.com/bounties/b612defb-1104-4fff-9fef-001ab07c7b2d

CVE-2024-7774 - Langchain-ai/langchainjs version 0.2.5 is vulnerable to a path traversal issue that enables attackers to manipulate files, including saving, overwriting, reading, and deleting files.

Product: Langchain

CVSS Score: 9.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-7774

NVD References:

- https://github.com/langchain-ai/langchainjs/commit/a0fad77d6b569e5872bd4a9d33be0c0785e538a9

- https://huntr.com/bounties/8fe40685-b714-4191-af7a-3de5e5628cee

CVE-2024-8309 - The GraphCypherQAChain class of langchain-ai/langchain version 0.2.5 is vulnerable to SQL injection, allowing for unauthorized data manipulation, data exfiltration, denial of service, breaches in multi-tenant security, and compromise of data integrity.

Product: Langchain

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-8309

NVD References:

- https://github.com/langchain-ai/langchain/commit/c2a3021bb0c5f54649d380b42a0684ca5778c255

- https://huntr.com/bounties/8f4ad910-7fdc-4089-8f0a-b5df5f32e7c5

CVE-2024-7475 - Lunary version 1.3.2 is vulnerable to improper access control, allowing unauthorized users to update the SAML configuration and potentially manipulate authentication processes and steal user information.

Product: Lunary

CVSS Score: 9.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-7475

NVD References:

- https://github.com/lunary-ai/lunary/commit/8f563c77d8614a72980113f530c7a9ec15a5f8d5

- https://huntr.com/bounties/78c824f7-3b6d-443d-bb76-0f8031c6c126

CVE-2024-49768 - Waitress is vulnerable to a remote client sending a request of exact length followed by a secondary request using HTTP pipelining, allowing a race condition that can be fixed by disabling channel_request_lookahead.

Product: Pylons Project Waitress

CVSS Score: 9.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-49768

NVD References:

- https://github.com/Pylons/waitress/commit/e4359018537af376cf24bd13616d861e2fb76f65

- https://github.com/Pylons/waitress/security/advisories/GHSA-9298-4cf8-g4wj

CVE-2024-8923 - ServiceNow has fixed an input validation vulnerability allowing remote code execution on the Now Platform.

Product: ServiceNow Now Platform

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-8923

NVD References: https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1706070

CVE-2024-9988 & CVE-2024-9989 - The Crypto plugin for WordPress allows unauthenticated attackers to log in as any existing user, including administrators, due to an authentication bypass vulnerability in versions up to 2.15.

Product: WordPress Crypto plugin

Active Installations: This plugin has been closed as of October 28, 2024 and is not available for download. This closure is temporary, pending a full review.

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-9988

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-9989

NVD References:

- https://plugins.trac.wordpress.org/browser/crypto/tags/2.10/includes/class-crypto_connect_ajax_register.php#L91

- https://www.wordfence.com/threat-intel/vulnerabilities/id/7bfe87cf-9883-4f8f-a0f5-23bbc7bb9b7c?source=cve

- https://plugins.trac.wordpress.org/browser/crypto/tags/2.10/includes/class-crypto_connect_ajax_register.php#L138

- https://plugins.trac.wordpress.org/browser/crypto/tags/2.10/includes/class-crypto_connect_ajax_register.php#L33

- https://www.wordfence.com/threat-intel/vulnerabilities/id/e21bd924-1d96-4371-972a-5c99d67261cc?source=cve

CVE-2024-48063 - In PyTorch <=2.4.1, the RemoteModule has Deserialization RCE.

Product: PyTorch RemoteModule

CVSS Score: 9.8 AtRiskScore 30

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-48063

NVD References:

- https://gist.github.com/hexian2001/c046c066895a963ecc0a2cf9e1180065

- https://github.com/pytorch/pytorch/issues/129228

- https://github.com/pytorch/pytorch/security/policy#using-distributed-features

- https://rumbling-slice-eb0.notion.site/Distributed-RPC-Framework-RemoteModule-has-Deserialization-RCE-in-pytorch-pytorch-111e3cda9e8c8021a7d3cbc61ee1a20c

CVE-2024-48206 - A Deserialization of Untrusted Data vulnerability in chainer v7.8.1.post1 leads to execution of arbitrary code.

Product: chainer v7.8.1

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-48206

NVD References:

- https://gist.github.com/hexian2001/51c6257351098e5b086a12ad247cc6ca

- https://rumbling-slice-eb0.notion.site/chainer-s-chainermn-has-MPI-Deserialization-vulnerability-in-chainer-chainer-c6a004feb53a447e8fb440968d73d6fd?pvs=4

CVE-2024-48138 - PluXml v5.8.16 and lower is vulnerable to remote code execution via injection of a crafted payload into a template.

Product: PluXml

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-48138

NVD References: https://github.com/pluxml/PluXml/issues/829

CVE-2024-48573 - AquilaCMS 1.409.20 and prior is vulnerable to NoSQL injection, enabling attackers to reset passwords through the "Reset password" feature without authentication.

Product: Aquila Solutions AquilaCMS

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-48573

NVD References: https://github.com/dos-m0nk3y/CVE/tree/main/CVE-2024-48573

CVE-2024-51378 - CyberPanel (aka Cyber Panel) before 1c0c6cb allows remote attackers to bypass authentication and execute arbitrary commands.

Product: CyberPanel

CVSS Score: 10.0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-51378

NVD References:

- https://cwe.mitre.org/data/definitions/420.html

- https://cwe.mitre.org/data/definitions/78.html

- https://cyberpanel.net/KnowledgeBase/home/change-logs/

- https://cyberpanel.net/blog/detials-and-fix-of-recent-security-issue-and-patch-of-cyberpanel

- https://github.com/usmannasir/cyberpanel/commit/1c0c6cbcf71abe573da0b5fddfb9603e7477f683

- https://refr4g.github.io/posts/cyberpanel-command-injection-vulnerability/

- https://www.bleepingcomputer.com/news/security/massive-psaux-ransomware-attack-targets-22-000-cyberpanel-instances/

CVE-2024-51567 - CyberPanel before 5b08cd6 allows remote attackers to execute arbitrary commands via /dataBases/upgrademysqlstatus by bypassing secMiddleware and using shell metacharacters in the statusfile property.

Product: CyberPanel

CVSS Score: 10.0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-51567

NVD References:

- https://cwe.mitre.org/data/definitions/420.html

- https://cwe.mitre.org/data/definitions/78.html

- https://cyberpanel.net/KnowledgeBase/home/change-logs/

- https://cyberpanel.net/blog/detials-and-fix-of-recent-security-issue-and-patch-of-cyberpanel

- https://dreyand.rs/code/review/2024/10/27/what-are-my-options-cyberpanel-v236-pre-auth-rce

- https://github.com/usmannasir/cyberpanel/commit/5b08cd6d53f4dbc2107ad9f555122ce8b0996515

- https://www.bleepingcomputer.com/news/security/massive-psaux-ransomware-attack-targets-22-000-cyberpanel-instances/

CVE-2024-51568 - CyberPanel before version 2.3.5 is vulnerable to Command Injection and unauthenticated remote code execution through /filemanager/upload.

Product: CyberPanel

CVSS Score: 10.0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-51568

NVD References:

- https://cwe.mitre.org/data/definitions/78.html

- https://cyberpanel.net/KnowledgeBase/home/change-logs/

- https://cyberpanel.net/blog/cyberpanel-v2-3-5

- https://dreyand.rs/code/review/2024/10/27/what-are-my-options-cyberpanel-v236-pre-auth-rce

CVE-2024-10507 & CVE-2024-10509, CVE-2024-10736 & CVE-2024-10737 - Codezips Free Exam Hall Seating Management System 1.0 is vulnerable to critical SQL injection flaws

Products: Codezips Free Exam Hall Seating Management System

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-10507

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-10509

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-10736

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-10737

NVD References:

- https://github.com/ppp-src/CVE/issues/26

- https://github.com/ppp-src/CVE/issues/27

- https://github.com/EddieAy/cve/issues/3

- https://github.com/Scholar-XD/CVE/issues/1

CVE-2024-10556, CVE-2024-10561, & CVE-2024-10752 - Codezips Pet Shop Management System 1.0 critical SQL injection flaws

Product: Codezips Pet Shop Management System

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-10556

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-10561

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-10752

NVD References:

- https://github.com/ppp-src/CVE/issues/28

- https://github.com/ppp-src/CVE/issues/29

- https://github.com/primaryboy/CVE/issues/1

CVE-2024-8512 - The W3SPEEDSTER plugin for WordPress allows authenticated attackers to perform Remote Code Execution by exploiting the 'script' parameter in versions up to 7.26.

Product: WordPress W3SPEEDSTER

Active Installations: 1,000+

CVSS Score: 9.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-8512

NVD References:

- https://plugins.trac.wordpress.org/browser/w3speedster-wp/trunk/w3speedster.php#L740

- https://plugins.trac.wordpress.org/changeset/3175640/

- https://www.wordfence.com/threat-intel/vulnerabilities/id/2a56eb63-ba5c-4452-8ab9-f5aeaf53adda?source=cve

CVE-2024-10525 - Eclipse Mosquitto is vulnerable to out of bounds memory access in its on_subscribe callback due to a crafted SUBACK packet from a malicious broker, affecting mosquitto_sub and mosquitto_rr clients.

Product: Eclipse Mosquitto

CVSS Score: 9.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-10525

NVD References:

- https://github.com/eclipse-mosquitto/mosquitto/commit/8ab20b4ba4204fdcdec78cb4d9f03c944a6e0e1c

- https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/190

- https://mosquitto.org/blog/2024/10/version-2-0-19-released/

CVE-2024-23309 - The LevelOne WBR-6012 router is vulnerable to an authentication bypass due to its reliance on client IP addresses for authentication, allowing attackers to gain unauthorized access by spoofing an IP address.

Product: LevelOne WBR-6012 router

CVSS Score: 9.0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-23309

NVD References: https://talosintelligence.com/vulnerability_reports/TALOS-2024-1996

CVE-2024-33699 - The LevelOne WBR-6012 router's firmware version R0.40e6 allows attackers to change the administrator password without current credentials.

Product: LevelOne WBR-6012 router

CVSS Score: 9.9

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-33699

NVD References: https://talosintelligence.com/vulnerability_reports/TALOS-2024-1984

CVE-2024-51252, CVE-2024-51255, CVE-2024-51259, CVE-2024-51260, CVE-2024-51298 - Draytek Vigor3900 1.5.1.3 command injection vulnerabilities

Product: Draytek Vigor3900

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-51252

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-51255

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-51259

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-51260

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-51298

NVD References: https://github.com/fu37kola/cve/blob/main/DrayTek/Vigor3900/1.5.1.3/DrayTek_Vigor_3900_1.5.1.3.pdf

CVE-2024-10456 - Delta Electronics InfraSuite Device Master versions prior to 1.0.12 are vulnerable to a deserialization attack on the Device-Gateway, allowing unauthorized deserialization of .NET objects.

Product: Delta Electronics InfraSuite Device Master

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-10456

NVD References: https://www.cisa.gov/news-events/ics-advisories/icsa-24-303-03

CVE-2024-48202 - icecms <=3.4.7 has a File Upload vulnerability in FileUtils.java, uploadFile.

Product: icecms

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-48202

NVD References: https://github.com/Lunax0/LogLunax/blob/main/icecms/CVE-2024-48202.md

CVE-2024-48112 - A deserialization vulnerability in the component \controller\Index.php of Thinkphp v6.1.3 to v8.0.4 allows attackers to execute arbitrary code.

Product: ThinkPHP

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-48112

NVD References:

- https://github.com/nn0nkey/nn0nkey/blob/main/Thinkphp/CVE-2024-48112.md

- https://github.com/top-think/think

CVE-2024-51424 & CVE-2024-51427 - Ethereum v.1.12.2 vulnerabilities allow remote attacker to execute arbitrary code

Product: Ethereum Owned & Ethereum PepeGxng

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-51424

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-51427

NVD References:

- https://github.com/Wzy-source/Gala/blob/main/CVEs/AURA_0x967d176328948e4db4446b8caf623ff9b47221fb.md

- https://github.com/Wzy-source/Gala/blob/main/CVEs/PepeGxng_0x5d8d1f28cad84fad8d2fea9fdd4ab5022d23b0fe.md

CVE-2024-10392 - The AI Power: Complete AI Pack plugin for WordPress is vulnerable to arbitrary file uploads, allowing unauthenticated attackers to upload files and potentially enable remote code execution.

Product: WordPress AI Power: Complete AI Pack

Active Installations: 10,000+

CVSS Score: 9.8 AtRiskScore 30

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-10392

NVD References:

- https://plugins.trac.wordpress.org/changeset/3176122/gpt3-ai-content-generator#file508

- https://www.wordfence.com/threat-intel/vulnerabilities/id/cd8a45c9-ca48-4ea6-b34e-f05206f16155?source=cve

CVE-2024-48307 - JeecgBoot v3.7.1 was discovered to contain a SQL injection vulnerability via the component /onlDragDatasetHead/getTotalData.

Product: JeecgBoot

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-48307

NVD References:

- https://github.com/jeecgboot

- https://github.com/jeecgboot/JeecgBoot

- https://github.com/jeecgboot/JeecgBoot/issues/7237

CVE-2024-42835 - langflow v1.0.12 was discovered to contain a remote code execution (RCE) vulnerability via the PythonCodeTool component.

Product: langflow PythonCodeTool

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-42835

NVD References: https://github.com/langflow-ai/langflow/issues/2908

CVE-2024-48910 - DOMPurify, a fast XSS sanitizer for HTML, MathML, and SVG, was vulnerable to prototype pollution in version 2.4.1, but the issue has been fixed in 2.4.2.

Product: DOMPurify

CVSS Score: 9.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-48910

NVD References:

- https://github.com/cure53/DOMPurify/commit/d1dd0374caef2b4c56c3bd09fe1988c3479166dc

- https://github.com/cure53/DOMPurify/security/advisories/GHSA-p3vf-v8qc-cwcr

CVE-2024-51478 - YesWiki prior to version 4.4.5 uses a weak cryptographic algorithm and hard-coded salt for password reset keys, allowing for password reset exploitation.

Product: YesWiki

CVSS Score: 9.9

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-51478

NVD References:

- https://github.com/YesWiki/yeswiki/commit/b5a8f93b87720d5d5f033a4b3a131ce0fb621dbc

- https://github.com/YesWiki/yeswiki/commit/e1285709f6f6a2277bd0075acf369f33cefd78f7

- https://github.com/YesWiki/yeswiki/security/advisories/GHSA-4fvx-h823-38v3

CVE-2024-51482 - ZoneMinder v1.37.* <= 1.37.64 is vulnerable to boolean-based SQL Injection in web/ajax/event.php, fixed in version 1.37.64.

Product: ZoneMinder

CVSS Score: 9.9

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-51482

NVD References:

- https://github.com/ZoneMinder/zoneminder/commit/9e7d31841ed9678a7dd06869037686fc9925e59f

- https://github.com/ZoneMinder/zoneminder/security/advisories/GHSA-qm8h-3xvf-m7j3

CVE-2023-52044 - Studio-42 eLfinder 2.1.62 is vulnerable to Remote Code Execution (RCE) due to unrestricted file uploads with the .php8 extension.

Product: Studio-42 eLfinder

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-52044

NVD References: https://github.com/Studio-42/elFinder/issues/3615

CVE-2024-39332 - Webswing 23.2.2 is vulnerable to remote code execution due to an ability for attackers to modify client-side JavaScript code and achieve path traversal.

Product: Webswing

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-39332

NVD References: https://herolab.usd.de/security-advisories/usd-2024-0008/

CVE-2024-42515 - Glossarizer through 1.5.2 is vulnerable to stored XSS due to improper HTML conversion, allowing attackers to append an XSS payload to glossary entries.

Product: Glossarizer

CVSS Score: 9.9

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-42515

NVD References:

- https://github.com/PebbleRoad/glossarizer

- https://herolab.usd.de/security-advisories/usd-2024-0011/

- https://www.npmjs.com/package/glossarizer

CVE-2024-51060 - Projectworlds Online Admission System v1 is vulnerable to SQL Injection in index.php via the 'a_id' parameter.

Product: Projectworlds Online Admission System

CVSS Score: 9.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-51060

NVD References:

- http://projectworld.com

- https://github.com/0x1c1ph3r/CVEs/tree/main/CVE-2024-51060

CVE-2024-51063 through CVE-2024-51065 - Phpgurukul Teachers Record Management System v2.1 and Beauty Parlour Management System v1.1 are vulnerable to SQL Injection

Product: Phpgurukul Teachers Record Management System and Phpgurukul Beauty Parlour Management System

CVSS Scores: 9.1 - 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-51063

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-51064

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-51065

NVD References:

- http://phpgurukul.com

- https://github.com/0x1c1ph3r/CVEs/tree/main/CVE-2024-51063

- https://github.com/0x1c1ph3r/CVEs/tree/main/CVE-2024-51064

- https://github.com/0x1c1ph3r/CVEs/tree/main/CVE-2024-51065

CVE-2024-48359 - Qualitor v8.24 was discovered to contain a remote code execution (RCE) vulnerability via the gridValoresPopHidden parameter.

Product: Qualitor v8.24

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-48359

NVD References: https://github.com/OpenXP-Research/CVE-2024-48359

CVE-2024-10595 - ESAFENET CDG 5 is vulnerable to a critical SQL injection in the delFile/delDifferCourseList function of PublicDocInfoAjax.java, allowing for remote attacks; the exploit was publicly disclosed after the vendor failed to respond.

Product: ESAFENET CDG 5

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-10595

NVD References: https://flowus.cn/share/651b6010-4701-4cec-a5a3-6e01e22636b9?code=G8A6P3

CVE-2024-10600 - CVE-2024-10602, CVE-2024-10615 - CVE-2024-10619, CVE-2024-10655 - CVE-2024-10658, CVE-2024-10730 - CVE-2024-10732 - Tongda OA critical SQL injection vulnerabilities

Product: Tongda2000 Office Anywhere

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-10600

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-10601

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-10602

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-10615

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-10616

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-10617

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-10618

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-10619

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-10655

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-10656

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-10657

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-10658

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-10730

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-10731

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-10732

NVD References: https://github.com/LvZCh/td/issues

CVE-2024-10607 & CVE-2024-10608 - Courier Management System 1.0 critical SQL injection vulnerabilities

Product: Carmelogarcia Courier Management System

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-10607

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-10608

NVD References:

- https://code-projects.org/

- https://github.com/yanhuoshanjin/cve/issues/1

- https://github.com/AXUyaku/cve/issues/1

CVE-2024-10609 - iSourceCode Tailoring Management System Project 1.0 is vulnerable to a critical SQL injection attack through manipulation of the argument sex in file typeadd.php, allowing for remote initiation of the exploit.

Product: Angeljudesuarez Tailoring Management System

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-10609

NVD References:

- https://github.com/Lanxiy7th/lx_CVE_report-/issues/17

- https://itsourcecode.com/

CVE-2024-10659 - ESAFENET CDG 5 is vulnerable to a critical SQL injection flaw in the delSystemEncryptPolicy function of the CDGAuthoriseTempletService.java file, allowing remote attackers to exploit the id argument and potentially launch attacks.

Product: ESAFENET CDG 5

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-10659

NVD References: https://flowus.cn/share/eaefcf21-6a72-48f8-bc18-a4889512bfe5?code=G8A6P3

CVE-2024-10660 - ESAFENET CDG 5 is susceptible to a critical SQL injection vulnerability in the deleteHook function of the HookService.java file, allowing for remote attacks exploiting the manipulation of the hookId argument.

Product: ESAFENET CDG 5

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-10660

NVD References: https://flowus.cn/share/9d33a5d8-87b1-482b-8642-a8fcf27585ba?code=G8A6P3

CVE-2024-51431 - LB-LINK BL-WR 1300H v.1.0.4 contains hardcoded credentials stored in /etc/shadow which are easily guessable.

Product: LB-Link BL-WR 1300H

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-51431

NVD References:

- https://github.com/MatJosephs/CVEs/tree/main/CVE-2024-51431

- https://www.lb-link.com/

CVE-2024-10697 - Tenda AC6 15.03.05.19 is vulnerable to a critical command injection flaw in the formWriteFacMac function, allowing for remote attacks.

Product: Tenda AC6

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-10697

NVD References:

- https://github.com/theRaz0r/iot-mycve/blob/main/tenda_ac6_rce_WriteFacMac/tenda_ac6_rce_WriteFacMac.md

- https://www.tenda.com.cn/

CVE-2024-10698 - Tenda AC6 15.03.05.19 is vulnerable to a critical stack-based buffer overflow in the function formSetDeviceName, allowing for remote attacks.

Product: Tenda AC6

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-10698

NVD References:

- https://github.com/theRaz0r/iot-mycve/blob/main/tenda_ac6_stackflow_formSetDeviceName/tenda_ac6_stackflow_formSetDeviceName.md

- https://www.tenda.com.cn/

CVE-2024-10699 - Wazifa System 1.0 is vulnerable to a critical SQL injection attack in the /controllers/logincontrol.php file, allowing for remote exploitation.

Product: Anisha Wazifa System

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-10699

NVD References:

- https://code-projects.org/

- https://github.com/lan041221/cve/blob/main/sql9.md

CVE-2024-10700 - University Event Management System 1.0 is vulnerable to a critical SQL injection attack in submit.php, affecting multiple parameters.

Product: Anisha University Event Management System

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-10700

NVD References:

- https://code-projects.org/

- https://github.com/aa1928992772/CVE/blob/main/sqlInjection.md

CVE-2024-10702 - Simple Car Rental System 1.0 is vulnerable to a critical SQL injection attack through manipulation of the argument fname in /signup.php, allowing for remote exploitation.

Product: Fabinros Simple Car Rental System

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-10702

NVD References:

- https://code-projects.org/

- https://github.com/imTedCao/cve/issues/1

CVE-2024-10733 - Restaurant Order System 1.0 is vulnerable to a critical SQL injection issue in the /login.php file, allowing for remote attacks by manipulating the argument uid.

Product: Carmelogarcia Restaurant Order System

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-10733

NVD References:

- https://code-projects.org/

- https://github.com/415Curry/cve/issues/1

CVE-2024-10734 & CVE-2024-10735 - Project Worlds Life Insurance Management System 1.0 critical SQL injection vulnerabilities

Product: Project Worlds Life Insurance Management System

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-10734

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-10735

NVD References:

- https://github.com/peteryang520/Cve-report/blob/main/SQLi-1.md

- https://github.com/GKb0y/Cve-report/blob/main/SQLi-life-insurance-management-system.md

CVE-2024-10738 - itsourcecode Farm Management System 1.0 is vulnerable to SQL injection in the file manage-breed.php, allowing for remote attacks.

Product: Angeljudesuarez Farm Management System

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-10738

NVD References:

- https://github.com/Nightmaremassacre/cve/issues/3

- https://itsourcecode.com/

CVE-2024-10739, CVE-2024-10740, & CVE-2024-10741 - E-Health Care System 1.0 critical SQL injection issues

Product: Anisha E-Health Care System

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-10739

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-10740

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-10741

NVD References:

- https://code-projects.org/

- https://github.com/UnrealdDei/cve/blob/main/sql11.md

- https://github.com/1270512529/cve/blob/main/sql.md

- https://github.com/maxihongtatum/cve/blob/main/sql14.md

CVE-2024-10758 - Anirbandutta9 Content Management System and News-Buzz 1.0 is vulnerable to a critical SQL injection flaw in /index.php that lets remote attackers manipulate the user_name argument; the exploit has been publicly disclosed.

Product: Anirbandutta9 News-Buzz

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-10758

NVD References: https://github.com/EmilGallajov/zero-day/blob/main/content_management_system_sqli.md

CVE-2024-23590 - Apache Kylin is vulnerable to Session Fixation from version 2.0.0 through 4.x, and users should upgrade to 5.0.0 or above to mitigate the issue.

Product: Apache Kylin

CVSS Score: 9.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-23590

NVD References: https://lists.apache.org/thread/7161154h0k6zygr9917qq0g95p39szml

CVE-2024-51136 - Dmoz2CSV in openimaj v1.3.10 is susceptible to an XXE vulnerability that enables attackers to access sensitive data or execute malicious code by providing a manipulated XML file.

Product: openimaj Dmoz2CSV

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-51136

NVD References:

- https://github.com/openimaj/openimaj

- https://github.com/openimaj/openimaj/issues/382

- https://mvnrepository.com/artifact/org.openimaj.tools/WebTools

CVE-2024-51327 - ProjectWorld's Travel Management System v1.0 is vulnerable to SQL Injection in loginform.php, allowing remote attackers to bypass authentication.

Product: ProjectWorld Travel Management System

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-51327

NVD References:

- https://github.com/redtrib3/CVEs/tree/main/CVE-2024-51327%20-%20SQLi%20Auth%20Bypass

- https://projectworlds.in/

CVE-2024-10687 - The Photos, Files, YouTube, Twitter, Instagram, TikTok, Ecommerce Contest Gallery plugin for WordPress is vulnerable to time-based SQL Injection allowing unauthenticated attackers to extract sensitive information from the database.

Product: The Plugin Republic Photos, Files, YouTube, Twitter, Instagram, TikTok, Ecommerce Contest Gallery – Upload, Vote, Sell via PayPal, Social Share Buttons

Active Installations: 1,000+

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-10687

NVD References:

- https://plugins.trac.wordpress.org/browser/contest-gallery/tags/24.0.1/v10/v10-frontend/ecommerce/ecommerce-get-raw-data-from-galleries.php#L61

- https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3175299%40contest-gallery%2Ftags%2F24.0.3&new=3180268%40contest-gallery%2Ftags%2F24.0.4

- https://www.wordfence.com/threat-intel/vulnerabilities/id/fd3b4c44-d47a-45de-bcb2-0820e475b331?source=cve

CVE-2023-29118, CVE-2023-29119, & CVE-2023-29120 - Waybox Enel X web management application SQL and OS Command injection vulnerabilities

Product: Waybox Enel X web management application

CVSS Score: 9.6

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-29118

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-29119

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-29120

NVD References: https://support-emobility.enelx.com/content/dam/enelxmobility/italia/documenti/manuali-schede-tecniche/Waybox-3-Security-Bulletin-06-2024-V1.pdf

CVE-2023-29121 - Waybox Enel TCF Agent service could be used to get administrator’s privileges over the Waybox system.

Product: Waybox Enel TCF Agent

CVSS Score: 9.6

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-29121

NVD References: https://support-emobility.enelx.com/content/dam/enelxmobility/italia/documenti/manuali-schede-tecniche/Waybox-3-Security-Bulletin-06-2024-V1.pdf

CVE-2023-29125 - A heap buffer overflow could be triggered by sending a specific packet to TCP port 7700.

Vendor: Garmin

Product: GTN Xi Series GPS Navigators

CVSS Score: 9.0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-29125

NVD References: https://support-emobility.enelx.com/content/dam/enelxmobility/italia/documenti/manuali-schede-tecniche/Waybox-3-Security-Bulletin-06-2024-V1.pdf

CVE-2024-42509 & CVE-2024-47460 - Aruba's CLI service is vulnerable to unauthorized remote code execution via specially crafted packets sent to the PAPI UDP port.

Product: Aruba PAPI (Aruba's Access Point management protocol)

CVSS Scores: 9.0 - 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-42509

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-47460

NVD References: https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04722en_us&docLocale=en_US

CVE-2024-1561 - Gradio-app/gradio is vulnerable to unauthorized local file read access via the `/component_server` endpoint, allowing attackers to copy files from the host machine.

Product: gradio-app/gradio

CVSS Score: 0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-1561

ISC Diary: https://isc.sans.edu/diary/31408

CVE-2024-27920 - Nuclei v3 is vulnerable to execution of unsigned code templates through custom workflows, potentially enabling malicious code execution on users' systems.

Product: projectdiscovery nuclei

CVSS Score: 0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-27920

ISC Diary: https://isc.sans.edu/diary/31408

CVE-2008-2052 - Bitrix Site Manager 6.5 is vulnerable to open redirect attacks, allowing remote attackers to redirect users to malicious websites and conduct phishing scams through a specially crafted URL.

Product: Bitrix24 Bitrix_Site_Manager 6.5

CVSS Score: 0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2008-2052

ISC Diary: https://isc.sans.edu/diary/31408

CVE-2024-43984 - Podlove Podcast Publisher is vulnerable to a CSRF issue allowing Code Injection from versions n/a through 4.1.13.

Product: Podlove Poodle Podcast Publisher

Active Installations: 5,000+

CVSS Score: 9.6

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-43984

NVD References: https://patchstack.com/database/vulnerability/podlove-podcasting-plugin-for-wordpress/wordpress-podlove-podcast-publisher-plugin-4-1-13-csrf-to-remote-code-execution-rce-vulnerability?_s_id=cve

CVE-2024-51661 - David Lingren Media Library Assistant is vulnerable to OS Command Injection from n/a through 3.19.

Product: David Lingren Media Library Assistant

Active Installations: 70,000+

CVSS Score: 9.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-51661

NVD References: https://patchstack.com/database/vulnerability/media-library-assistant/wordpress-media-library-assistant-plugin-3-19-remote-code-execution-rce-vulnerability?_s_id=cve

The following QNAP vulnerabilities need a manual review:

CVE-2024-50388 - Vulnerability in QNAP HBS 3 Hybrid Backup Sync (PWN2OWN 2024)

Product: QNAP HBS 3 Hybrid Backup Sync

References: https://www.qnap.com/en-us/security-advisory/qsa-24-41

CVE-2024-50387 - Vulnerability in QNAP SMB Service (PWN2OWN 2024)

Product: QNAP SMB Service

References: https://www.qnap.com/en/security-advisory/qsa-24-42