Angular-base64-update Demo Script Exploited (CVE-2024-42640)
Published: 2024-10-15.
Last Updated: 2024-10-15 15:08:01 UTC
by Johannes Ullrich (Version: 1)
Demo scripts left behind after installing applications or frameworks are an ongoing problem. After installation, it is usually best to remove any "demo" or "example" folders. A few days ago, Ravindu Wickramasinghe noticed that the Angular-base64-upload project leaves behind a demo folder containing a script that allows arbitrary file uploads without authentication [1]. Exploitation of the vulnerability is trivial: an attacker can use the upload script to place a web shell on the server and thereby obtain remote command execution with all the privileges granted to the web server.
Sadly, the project is also no longer maintained, but a patch is not needed: removing the vulnerable script (and likely the entire demo folder) is an appropriate response.
Shortly after the blog post's publication, we detected exploit attempts in our web honeypot logs. On October 14th, we saw about 3,000 scans for ...
[1] https://www.zyenra.com/blog/unauthenticated-rce-in-angular-base64-upload.html
Read the complete entry:
https://isc.sans.edu/diary/Angularbase64update+Demo+Script+Exploited+CVE202442640/31354/
Phishing Page Delivered Through a Blob URL
Published: 2024-10-14.
Last Updated: 2024-10-14 07:37:44 UTC
by Xavier Mertens (Version: 1)
I receive a lot of spam in my catch-all mailboxes. While most of it is not interesting, some messages still attract my attention, especially the one I'll describe in this diary. The scenario is classic: an important document is pending delivery, but... the victim needs to authenticate to get the precious! As you can see in the screenshot below, the phishing kit supports well-known service providers ...
But check the URL carefully: it starts with "blob:"! Usually, BLOB stands for "Binary Large OBject". In the context of a browser, an object URL [1] is a pseudo-protocol that allows Blob and File objects to be used as URL sources for things like images, download links for binary data, and so forth. It is part of the URL specification for handling binary data that needs to be referenced or accessed as if it were a file, even though it does not exist as a physical file on a server.
In the context of this phishing kit, the attacker generated the landing page in a blob to remain stealthy: the HTML is assembled inside the victim's browser rather than fetched from a hosted page, so there is no landing-page URL for reputation services or web proxies to inspect. Let's have a look at the code ...
[1] https://en.wikipedia.org/wiki/Blob_URI_scheme
Read the complete entry:
https://isc.sans.edu/diary/Phishing+Page+Delivered+Through+a+Blob+URL/31350/
Wireshark 4.4.1 Released (2024.10.13)
https://isc.sans.edu/diary/Wireshark+441+Released/31346/
Microsoft Patch Tuesday - October 2024 (2024.10.08)
https://isc.sans.edu/diary/Microsoft+Patch+Tuesday+October+2024/31336/
The list is assembled by pulling recent vulnerabilities from NIST NVD, Microsoft, Twitter mentions of vulnerabilities, ISC Diaries and Podcast, and the CISA list of known exploited vulnerabilities. There are also some unscored, but significant, vulnerabilities at the end. This includes vulnerabilities that have not been added to the NVD yet.
Product: Fortinet FortiOS
CVSS Score: 0
** KEV since 2024-10-09 **
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-23113
ISC Podcast: https://isc.sans.edu/podcastdetail/9174
Product: Mozilla Firefox
CVSS Score: 9.8
** KEV since 2024-10-15 **
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-9680
NVD References:
- https://bugzilla.mozilla.org/show_bug.cgi?id=1923344
Product: GitLab EE
CVSS Score: 9.6
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-9164
ISC Podcast: https://isc.sans.edu/podcastdetail/9176
NVD References:
Product: Angular base64-upload
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-42640
ISC Podcast: https://isc.sans.edu/podcastdetail/9182
NVD References:
- https://github.com/adonespitogo/angular-base64-upload
- https://www.zyenra.com/blog/unauthenticated-rce-in-angular-base64-upload.html
Product: Ivanti Endpoint Manager Cloud Services Appliance (CSA)
CVSS Score: 7.2
** KEV since 2024-10-09 **
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-9379
NVD References:
CVE-2024-9380 - Ivanti CSA before version 5.0.2 is vulnerable to OS command injection in the admin web console, enabling a remote authenticated attacker to execute remote code with admin privileges.
Product: Ivanti Endpoint Manager Cloud Services Appliance (CSA)
CVSS Score: 7.2
** KEV since 2024-10-09 **
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-9380
NVD References: https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-CSA-Cloud-Services-Appliance-CVE-2024-9379-CVE-2024-9380-CVE-2024-9381
Product: Microsoft Windows 10 1809
CVSS Score: 7.8
** KEV since 2024-10-08 **
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-43572
NVD References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43572
Product: Microsoft Windows 10 22H2
CVSS Score: 8.1
** KEV since 2024-10-08 **
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-43573
NVD References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43573
Product: Siemens SENTRON 7KM PAC3200
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-41798
NVD References: https://cert-portal.siemens.com/productcert/html/ssa-850560.html
Product: Siemens SINEC Security Monitor
CVSS Score: 9.9
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-47553
NVD References: https://cert-portal.siemens.com/productcert/html/ssa-430425.html
Product: LatePoint plugin for WordPress
Active Installations: unknown
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-8911
NVD References:
Product: LatePoint plugin for WordPress
Active Installations: unknown
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-8943
NVD References:
Product: WP UserPlus plugin
Active Installations: This plugin has been closed as of October 8, 2024 and is not available for download. This closure is temporary, pending a full review.
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-9518
NVD References:
Product: Internet-Formation Wp-Advanced-Search
Active Installations: unknown
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-9796
NVD References: https://wpscan.com/vulnerability/2ddd6839-6bcb-4bb8-97e0-1516b8c2b99b/
Product: Wordpress Pedalo Connector plugin
Active Installations: This plugin has been closed as of October 10, 2024 and is not available for download. This closure is permanent. Reason: Author Request.
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-9822
NVD References:
Product: The GutenKit Page Builder Blocks
Active Installations: 9,000+
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-9234
NVD References:
Product: ThemeHunk Hunk Companion plugin
Active Installations: 10,000+
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-9707
NVD References:
Product: NinjaTeam Multi Step for Contact Form
Active Installations: 10,000+
CVSS Score: 9.3
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-47331
NVD References: https://patchstack.com/database/vulnerability/cf7-multi-step/wordpress-multi-step-for-contact-form-plugin-2-7-7-unauthenticated-sql-injection-vulnerability?_s_id=cve
CVE-2024-48033 - Elie Burstein, Baptiste Gourdin Talkback is vulnerable to object injection due to deserialization of untrusted data from versions n/a through 1.0.
Product: Elie Burstein, Baptiste Gourdin, Talkback
Active Installations: unknown
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-48033
NVD References: https://patchstack.com/database/vulnerability/talkback-secure-linkback-protocol/wordpress-talkback-plugin-1-0-php-object-injection-vulnerability?_s_id=cve
CVE-2024-9047 - The WordPress File Upload plugin is vulnerable to Path Traversal, allowing unauthenticated attackers to read or delete files outside of the originally intended directory.
Product: WordPress File Upload plugin
Active Installations: 20,000+
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-9047
NVD References:
- https://plugins.trac.wordpress.org/changeset/3164449/wp-file-upload
- https://www.wordfence.com/threat-intel/vulnerabilities/id/554a314c-9e8e-4691-9792-d086790ef40f?source=cve
CVE-2024-9105 - The UltimateAI plugin for WordPress up to version 2.8.3 is vulnerable to authentication bypass, allowing unauthenticated attackers to log in as any existing user on the site.
Product: WordPress UltimateAI plugin
Active Installations: No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-9105
NVD References:
- https://codecanyon.net/item/ultimateai-ai-enhanced-wordpress-plugin-with-saas-for-content-code-chat-and-image-generation/51201953
- https://www.wordfence.com/threat-intel/vulnerabilities/id/c2475643-a0b4-444a-a2c6-a5c45e90e1dd?source=cve
CVE-2024-9634 - The GiveWP – Donation Plugin and Fundraising Platform for WordPress is vulnerable to PHP Object Injection and remote code execution through untrusted input in the give_company_name parameter.
Product: GiveWP Donation Plugin for WordPress
Active Installations: 100,000+
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-9634
NVD References:
- https://plugins.trac.wordpress.org/browser/give/tags/3.16.2/src/Donations/Repositories/DonationRepository.php?rev=3157829
- https://plugins.trac.wordpress.org/changeset/3166836/give/tags/3.16.4/includes/process-donation.php
- https://www.wordfence.com/threat-intel/vulnerabilities/id/b8eb3aa9-fe60-48b6-aa24-7873dd68b47e?source=cve
CVE-2024-47636 - Deserialization of Untrusted Data vulnerability in Eyecix JobSearch allows Object Injection. This issue affects JobSearch: from n/a through 2.5.9.
Product: Eyecix JobSearch
Active Installations: unknown
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-47636
NVD References: https://patchstack.com/database/vulnerability/wp-jobsearch/wordpress-wp-jobsearch-plugin-2-5-9-php-object-injection-vulnerability?_s_id=cve
CVE-2024-8884 - The vulnerability in Schneider Electric System Monitor application could lead to the exposure of credentials if an attacker gains access to the application over http.
Product: Schneider Electric System Monitor application of Harmony Industrial PC Series and Pro-face PS5000 trusted Legacy industrial PC Series products
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-8884
NVD References: https://download.schneider-electric.com/doc/SEVD-2024-282-07/SEVD-2024-282-07.pdf
CVE-2024-3057 - A flaw exists in Pure Storage FlashArray whereby a user can make a specific call to a FlashArray endpoint allowing privilege escalation.
Product: Pure Storage FlashArray
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-3057
NVD References: https://support.purestorage.com/category/m_pure_storage_product_security
CVE-2024-44349 - AnteeoWMS before v4.7.34 is vulnerable to a SQL injection attack in the login portal, allowing attackers to execute arbitrary SQL commands and access certain data in the database without authentication.
Product: Anteeo AnteeoWMS
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-44349
NVD References:
- https://blog.cybergon.com/posts/cve-2024-44349/
- https://cybergon.com/
- https://github.com/AndreaF17/PoC-CVE-2024-44349
CVE-2024-38124 - Windows Netlogon Elevation of Privilege Vulnerability
Product: Microsoft Windows Netlogon
CVSS Score: 9.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-38124
NVD References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38124
CVE-2024-43468 - Microsoft Configuration Manager Remote Code Execution Vulnerability
Product: Microsoft Configuration Manager
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-43468
NVD References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43468
CVE-2024-45160 - LemonLDAP::NG 2.18.x and 2.19.x before 2.19.2 allows attackers to bypass OAuth2 client authentication by using an empty client_secret parameter.
Product: LemonLDAP::NG
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-45160
NVD References:
- https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/06d771cbc2d5c752354c50f83e4912e5879f9aa2
- https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/236cdfe42c1dc04a15a4a40c5e6a8c2e858d71d7
- https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/696f49a0855faeb271096dccb8381e2129687c3d
- https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/3223
- https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags
CVE-2023-46586 - Weborf's cgi.c versions 0.17 through 0.20 do not properly terminate paths for CGI scripts, leading to potential security issues.
Product: Weborf cgi.c
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-46586
NVD References:
- https://github.com/ltworf/weborf/commit/49824204add55aab0568d90a6b1e7c822d32120d
- https://github.com/ltworf/weborf/commit/6f83c3e9ceed8b0d93608fd5d42b53c081057991
- https://github.com/ltworf/weborf/pull/88
- https://github.com/ltworf/weborf/pull/88/commits/7057d254b734dfc9cfb58983f901aa6ec3c94fd4
CVE-2024-25825 - FydeOS products were found to have a root password saved as a wildcard, enabling attackers to easily gain root access.
Product: FydeOS
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-25825
NVD References:
- https://gist.github.com/hchasens/d20dff418f6908dc96e65f4e43a058f1
Product: Arm Trusted Firmware-M
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-45746
NVD References:
Product: Palo Alto Networks Expedition
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-9465
NVD References: https://security.paloaltonetworks.com/PAN-SA-2024-0010
Product: Indutny Elliptic
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-48949
NVD References:
- https://github.com/indutny/elliptic/commit/7ac5360118f74eb02da73bdf9f24fd0c72ff5281
- https://github.com/indutny/elliptic/compare/v6.5.5...v6.5.6
Product: Spring Boot
CVSS Score: 9.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-9798
NVD References: https://github.com/zowe/api-layer
Product: Adobe Commerce
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-45115
NVD References: https://helpx.adobe.com/security/products/magento/apsb24-73.html
Product: SEUR plugin
CVSS Score: 9.4
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-9201
NVD References: https://www.incibe.es/en/incibe-cert/notices/aviso/sql-injection-vulnerability-seur-plugin
Product: Codezips Online Shopping Portal
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-9794
NVD References:
- https://github.com/ppp-src/CVE/issues/7
- https://vuldb.com/?ctiid.279947
Product: Codezips Pharmacy Management System
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-9813
NVD References:
- https://github.com/ppp-src/CVE/issues/10
- https://vuldb.com/?ctiid.279965
- https://vuldb.com/?id.279965
- https://vuldb.com/?submit.418904
CVE-2024-9811 - Restaurant Reservation System 1.0 is vulnerable to remote SQL injection through the manipulation of the argument company in filter3.php, with the exploit publicly disclosed.
Product: Code-Projects Restaurant Reservation System
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-9811
NVD References:
- https://code-projects.org/
- https://github.com/ppp-src/a/issues/24
- https://vuldb.com/?ctiid.279963
- https://vuldb.com/?id.279963
- https://vuldb.com/?submit.418728
CVE-2024-9812 - Crud Operation System 1.0 is vulnerable to a critical SQL injection flaw in delete.php's sid argument, allowing for remote attacks.
Product: Code-Projects Crud Operation System
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-9812
NVD References:
- https://code-projects.org/
- https://github.com/ppp-src/a/issues/25
- https://vuldb.com/?ctiid.279964
- https://vuldb.com/?id.279964
- https://vuldb.com/?submit.418729
CVE-2024-21534 - jsonpath-plus versions before 10.0.0 are vulnerable to Remote Code Execution (RCE) through unsafe default usage of vm in Node, allowing attackers to execute arbitrary code on the system.
Product: jsonpath-plus
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-21534
NVD References:
- https://github.com/JSONPath-Plus/JSONPath/commit/6b2f1b4c234292c75912b790bf7e2d7339d4ccd3
- https://security.snyk.io/vuln/SNYK-JS-JSONPATHPLUS-7945884
CVE-2024-47830 - Plane is vulnerable to wildcard support exploitation, allowing attackers to manipulate server requests through image retrieval.
Product: Plane
CVSS Score: 9.3
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-47830
NVD References:
- https://github.com/makeplane/plane/commit/b9f78ba42b70461c8c1d26638fa8b9beef6a96a1
- https://github.com/makeplane/plane/security/advisories/GHSA-39gx-38xf-c348
CVE-2024-47875 - DOMpurify had a nesting-based mXSS vulnerability that was fixed in versions 2.5.0 and 3.1.3.
Product: DOMpurify
CVSS Score: 10.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-47875
NVD References:
- https://github.com/cure53/DOMPurify/blob/0ef5e537a514f904b6aa1d7ad9e749e365d7185f/test/test-suite.js#L2098
- https://github.com/cure53/DOMPurify/commit/0ef5e537a514f904b6aa1d7ad9e749e365d7185f
- https://github.com/cure53/DOMPurify/commit/6ea80cd8b47640c20f2f230c7920b1f4ce4fdf7a
- https://github.com/cure53/DOMPurify/security/advisories/GHSA-gx9m-whjm-85jf
CVE-2024-46088 - Zhejiang University Entersoft Customer Resource Management System v2002 to v2024 is vulnerable to arbitrary file uploads, allowing attackers to execute arbitrary code.
Product: Zhejiang University Entersoft Customer Resource Management System
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-46088
NVD References:
- http://zhejiang.com
- https://periwinkle-brother-031.notion.site/Analysis-of-any-file-upload-vulnerability-of-Zhejiang-University-Entersoft-Customer-Resource-Managem-0f88a0e77d6f4f638bc3c4e508a1e0ed
- https://www.entersoft.cn/
CVE-2024-48769 - An issue in BURG-WÄCHTER KG de.burgwachter.keyapp.app 4.5.0 allows a remote attacker to obtain sensitive information via the firmware update process.
Product: BURG-WÄCHTER KG de.burgwachter.keyapp.app
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-48769
NVD References:
- http://burg-wchter.com
- http://deburgwachterkeyappapp.com
- https://github.com/HankJames/Vul-Reports/blob/main/FirmwareLeakage/de.burgwachter.keyapp.app/de.burgwachter.keyapp.md
CVE-2024-48778 - GIANT MANUFACTURING CO., LTD RideLink 2.0.7 allows remote hackers to access sensitive information during firmware updates.
Product: GIANT MANUFACTURING CO. LTD, RideLink
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-48778
NVD References:
- http://giant.com
- http://ridelink.com
- https://github.com/HankJames/Vul-Reports/blob/main/FirmwareLeakage/tw.giant.ridelink/tw.giant.ridelink.md
CVE-2024-48784 - SAMPMAX com.sampmax.homemax 2.1.2.7 allows a remote attacker to access sensitive information during firmware updates.
Product: SAMPMAX homemax
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-48784
NVD References:
- http://comsampmaxhomemax.com
- http://sampmax.com
- https://github.com/HankJames/Vul-Reports/blob/main/FirmwareLeakage/com.sampmax.homemax/com.sampmax.homemax.md
CVE-2024-48786 - SwitchBot INC SwitchBot 5.0.4 allows a remote attacker to access sensitive information during firmware updates.
Product: SwitchBot
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-48786
NVD References:
- http://switchbot.com
- https://github.com/HankJames/Vul-Reports/blob/main/FirmwareLeakage/com.theswitchbot.switchbot/com.theswitchbot.switchbot.md
CVE-2024-48787 - Revic Optics Revic Ops 1.12.5 allows a remote attacker to obtain sensitive information through the firmware update process.
Product: Revic Optics Revic Ops
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-48787
NVD References:
Product: C-CHIP cchipamaota
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-48772
NVD References:
- http://comcchipcchipamaota.com
Product: TEAMPLUS TECHNOLOGY The Team+
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-9921
NVD References:
Product: Hgiga OAKlouds
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-9924
NVD References:
Product: D-Link DIR-820L
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-48150
NVD References: https://github.com/fu37kola/cve/blob/main/D-Link/DIR-820L/D-Link%20DIR-820L%20Stack%20Overflow%20Vulnerability.md
Product: D-Link DCS-960L
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-48168
NVD References: https://github.com/fu37kola/cve/blob/main/D-Link/DCS-960L/D-Link%20DCS-960L%201.09%20Stack%20overflow_1.md
Product: Jepaas v7.2.8
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-46535
NVD References: https://gitee.com/ketr/jepaas-release/issues/IAPJ8H?from=project-issue
Product: Nagios XI
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-48082
NVD References: https://www.nagios.com/change-log/
Product: Automatic Systems Maintenance SlimLane
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-48823
NVD References: https://daly.wtf/multiple-vulnerabilities-discovered-in-automatic-systems-software/
Product: ChanGate Property Management System
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-9972
NVD References:
Product: Esi Technology AIM LINE Marketing Platform
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-9982
NVD References:
Product: TAI Smart Factory QPLANT SF
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-9925
NVD References: https://incibe.es/en/incibe-cert/notices/aviso-sci/sql-injection-qplant-tai-smart-factory
Product: Ragic Enterprise Cloud Database
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-9984
NVD References:
Product: Ragic Enterprise Cloud Database
CVSS Score: 10.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-9985
NVD References:
Product: Rittal IoT Interface & CMC III Processing Unit
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-47945
NVD References:
Product: Oretnom23 Online_Eyewear_Shop 1.0
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-9973
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-9974
NVD References:
- https://gist.github.com/higordiego/b9699573de61b26f2290e69f38d23fd0
- https://gist.github.com/higordiego/2373b9e3e89f03e5f8888efd38eb4b48
- https://vuldb.com/?ctiid.280338
- https://vuldb.com/?id.280338
- https://vuldb.com/?submit.423167
- https://vuldb.com/?ctiid.280339
- https://vuldb.com/?id.280339
- https://vuldb.com/?submit.423231
- https://www.sourcecodester.com/
Product: Siemens SCALANCE X-200
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-45274
NVD References:
- https://cert.vde.com/en/advisories/VDE-2024-056
- https://cert.vde.com/en/advisories/VDE-2024-066
CVE-2024-45275 - Axis Communications AXIS Camera Station devices have two hard coded user accounts with hardcoded passwords, allowing unauthenticated remote attackers full control.
Product: Axis Communications AXIS Camera Station
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-45275
NVD References:
- https://cert.vde.com/en/advisories/VDE-2024-056
- https://cert.vde.com/en/advisories/VDE-2024-066
CVE-2024-48283 - Phpgurukul User Registration & Login and User Management System 3.2 is vulnerable to SQL Injection through the searchkey parameter in /admin//search-result.php.
Product: Phpgurukul User Management System
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-48283
CVE-2024-48914 - Vendure is vulnerable to a traversal attack in versions prior to 3.0.5 and 2.3.3, allowing an attacker to access sensitive server files and potentially crash the server.
Product: Vendure's asset server plugin
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-48914
NVD References:
- https://github.com/vendure-ecommerce/vendure/commit/e2ee0c43159b3d13b51b78654481094fdd4850c5
- https://github.com/vendure-ecommerce/vendure/commit/e4b58af6822d38a9c92a1d8573e19288b8edaa1c
- https://github.com/vendure-ecommerce/vendure/security/advisories/GHSA-r9mq-3c9r-fmjq
CVE-2024-21172 - The Oracle Hospitality OPERA 5 product is vulnerable to a difficult-to-exploit vulnerability that allows an unauthenticated attacker with network access to take over the system.
Product: Oracle Hospitality OPERA 5
CVSS Score: 9.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-21172
NVD References: https://www.oracle.com/security-alerts/cpuoct2024.html
CVE-2024-21216 - The Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core) contains an easily exploitable vulnerability that allows unauthenticated attackers with network access via T3 or IIOP to compromise the server and potentially take it over.
Product: Oracle WebLogic Server
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-21216
NVD References: https://www.oracle.com/security-alerts/cpuoct2024.html
CVE-2024-9486 - Kubernetes Image Builder leaves default credentials enabled in virtual machine images built with the Proxmox provider, allowing root access on nodes that use those images.
Product: Kubernetes Image Builder
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-9486
NVD References:
- https://github.com/kubernetes-sigs/image-builder/pull/1595
- https://github.com/kubernetes/kubernetes/issues/128006
- https://groups.google.com/g/kubernetes-security-announce/c/UKJG-oZogfA/m/Lu1hcnHmAQAJ
Webcast: General Quarters! The Impact of Cybersecurity on the Maritime Industry | Today! October 17, 11:30 ET | In this webcast, SANS experts will explore the critical role of cybersecurity in safeguarding maritime operations. Save your seat today!
2025 SANS Detection Engineering Survey |This survey aims to understand the current landscape of Detection Engineering, capturing the experiences, challenges, and aspirations of professionals in the field. Our goal is to provide insights that will benefit the entire cybersecurity community while highlighting the evolving nature of detection strategies in modern environments. Complete the survey for a chance to win a $250 Amazon gift card!