Internet Storm Center Spotlight


ISC provides a free analysis and warning service to thousands of Internet users and organizations, and is actively working with Internet Service Providers to fight back against the most malicious attackers. https://isc.sans.edu/about.html

Angular-base64-update Demo Script Exploited (CVE-2024-42640)

Published: 2024-10-15.

Last Updated: 2024-10-15 15:08:01 UTC

by Johannes Ullrich (Version: 1)

Demo scripts left behind after installing applications or frameworks are an ongoing problem. After installation, removing any "demo" or "example" folders is usually best. A few days ago, Ravindu Wickramasinghe noticed that the Angular-base64-upload project leaves behind a demo folder with a script that allows arbitrary file uploads without authentication [1]. Exploitation of the vulnerability is trivial: an attacker can use the file upload script to upload a web shell and thereby obtain remote command execution with all the privileges granted to the web server.

Sadly, the project is also no longer maintained, but a patch is not needed. Removing the vulnerable script (and likely the entire demo folder) should be an appropriate response.

Shortly after the blog post's publication, we detected exploit attempts in our web honeypot logs. On October 14th, we saw about 3,000 scans for ...

[1] https://www.zyenra.com/blog/unauthenticated-rce-in-angular-base64-upload.html

Read the complete entry:

https://isc.sans.edu/diary/Angularbase64update+Demo+Script+Exploited+CVE202442640/31354/

Phishing Page Delivered Through a Blob URL

Published: 2024-10-14.

Last Updated: 2024-10-14 07:37:44 UTC

by Xavier Mertens (Version: 1)

I receive a lot of spam in my catch-all mailboxes. While most of it is not interesting, some messages still attract my attention, especially the one I'll describe in this diary. The scenario is classic: an important document is pending delivery but... the victim needs to authenticate to get the precious! As you can see in the screenshot below, the phishing kit supports well-known service providers ...

But look carefully at the URL: it starts with "blob:"! Usually, BLOBs are used to represent "Binary Large OBjects". In the context of a browser, an object URL [1] is a pseudo-protocol that allows Blob and File objects to be used as URL sources for things like images, download links for binary data, and so forth. It is part of the URL specification for handling binary data that needs to be referenced or accessed as an actual file, even if it does not exist as a physical file on a server.

In the context of this phishing kit, the attacker generated the landing page in a blob to remain stealthy. Let's have a look at the code ...
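As an added example (not code from the diary or from the phishing kit), here is a small heuristic that a defender can run over captured page source to tell ordinary blob usage apart from the pattern described above: an HTML document assembled in memory, wrapped in a Blob, turned into an object URL and then navigated to. The sample scripts and the function names are constructed for this illustration.

```javascript
// Added example, not from the ISC diary: a heuristic scanner for captured
// page source that flags scripts which build an HTML document in memory and
// then send the browser to it through a blob: object URL. Blob URLs have
// plenty of legitimate uses (download links, image previews), so the
// severity separates "uses blobs" from "renders a whole page from a blob".

const PATTERNS = {
  blobCtor:     /new\s+Blob\s*\(/,                       // Blob constructed
  htmlType:     /type\s*:\s*['"`]text\/html['"`]/,       // ...with an HTML MIME type
  objectUrl:    /URL\.createObjectURL\s*\(/,             // turned into a blob: URL
  navigate:     /(?:location\.(?:href\s*=|replace\s*\(|assign\s*\()|window\.open\s*\(|document\.write\s*\()/,
  base64Decode: /\batob\s*\(/,                           // markup unpacked from base64
  fullDocument: /<html|<!doctype\s+html/i,               // full document embedded inline
};

// Returns which patterns matched, whether the three core pieces plus a
// navigation are all present, and a coarse severity for triage.
function analyzeScript(source) {
  const hits = {};
  for (const [name, re] of Object.entries(PATTERNS)) {
    hits[name] = re.test(source);
  }
  const rendersBlobPage =
    hits.blobCtor && hits.htmlType && hits.objectUrl && hits.navigate;

  let severity = 'none';
  if (rendersBlobPage) {
    // Base64-packed markup or an embedded full document makes the intent clearer.
    severity = hits.base64Decode || hits.fullDocument ? 'high' : 'medium';
  } else if (hits.blobCtor && hits.objectUrl) {
    severity = 'info'; // ordinary blob usage, e.g. a client-side download link
  }
  return { severity, rendersBlobPage, hits };
}

// Constructed sample 1: the shape of a landing page rendered from a blob: URL.
// The base64 string is a placeholder, not content from the real kit.
const SUSPICIOUS_SCRIPT = `
  var markup = atob("PGh0bWw+...");
  var page = new Blob([markup], { type: "text/html" });
  location.href = URL.createObjectURL(page);
`;

// Constructed sample 2: benign use, offering a CSV export for download.
const BENIGN_SCRIPT = `
  var csv = new Blob([rows.join("\\n")], { type: "text/csv" });
  var a = document.createElement("a");
  a.href = URL.createObjectURL(csv);
  a.download = "report.csv";
  a.click();
`;

console.log('suspicious:', analyzeScript(SUSPICIOUS_SCRIPT).severity); // high
console.log('benign:', analyzeScript(BENIGN_SCRIPT).severity);         // info
```

Because the check is purely lexical, it is a triage aid for captured or proxied page source, not a substitute for inspecting what the decoded markup actually renders.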

[1] https://en.wikipedia.org/wiki/Blob_URI_scheme

Read the complete entry:

https://isc.sans.edu/diary/Phishing+Page+Delivered+Through+a+Blob+URL/31350/

Internet Storm Center Entries


Wireshark 4.4.1 Released (2024.10.13)

https://isc.sans.edu/diary/Wireshark+441+Released/31346/

Microsoft Patch Tuesday - October 2024 (2024.10.08)

https://isc.sans.edu/diary/Microsoft+Patch+Tuesday+October+2024/31336/

Recent CVEs


The list is assembled by pulling recent vulnerabilities from NIST NVD, Microsoft, Twitter mentions of vulnerabilities, ISC Diaries and Podcast, and the CISA list of known exploited vulnerabilities. There are also some unscored, but significant, vulnerabilities at the end. This includes vulnerabilities that have not been added to the NVD yet.

CVE-2024-23113 - Fortinet FortiOS versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.6, 7.0.0 through 7.0.13, FortiProxy versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.8, 7.0.0 through 7.0.14, FortiPAM versions 1.2.0, 1.1.0 through 1.1.2, 1.0.0 through 1.0.3, FortiSwitchManager versions 7.2.0 through 7.2.3, 7.0.0 through 7.0.3 are vulnerable to a use of externally-controlled format string, enabling an attacker to execute unauthorized code or commands via specially crafted packets.

Product: Fortinet FortiOS

CVSS Score: 0

** KEV since 2024-10-09 **

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-23113

ISC Podcast: https://isc.sans.edu/podcastdetail/9174

CVE-2024-9680 - Firefox is vulnerable to code execution in the content process through a use-after-free in Animation timelines, with reports of exploitation in the wild, affecting versions up to Firefox 131.0.2, Firefox ESR 128.3.1, and Firefox ESR 115.16.1.

Product: Mozilla Firefox

CVSS Score: 9.8

** KEV since 2024-10-15 **

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-9680

NVD References:

- https://bugzilla.mozilla.org/show_bug.cgi?id=1923344

- https://www.mozilla.org/security/advisories/mfsa2024-51/

- https://www.mozilla.org/security/advisories/mfsa2024-52/

CVE-2024-9164 - GitLab EE is vulnerable to issues that allow running pipelines on arbitrary branches in versions between 12.5 and 17.4.2.

Product: GitLab EE

CVSS Score: 9.6

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-9164

ISC Podcast: https://isc.sans.edu/podcastdetail/9176

NVD References:

- https://gitlab.com/gitlab-org/gitlab/-/issues/493946

- https://hackerone.com/reports/2711204

CVE-2024-42640 - Angular-base64-upload prior to v0.1.21 allows unauthenticated remote code execution via demo/server.php, enabling attackers to upload and execute arbitrary content on the server.

Product: Angular base64-upload

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-42640

ISC Podcast: https://isc.sans.edu/podcastdetail/9182

NVD References:

- https://github.com/adonespitogo/angular-base64-upload

- https://www.zyenra.com/blog/unauthenticated-rce-in-angular-base64-upload.html

CVE-2024-9379 - Ivanti CSA before version 5.0.2 is vulnerable to SQL injection by remote authenticated attackers with admin privileges.

Product: Ivanti Endpoint Manager Cloud Services Appliance (CSA)

CVSS Score: 7.2

** KEV since 2024-10-09 **

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-9379

NVD References: https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-CSA-Cloud-Services-Appliance-CVE-2024-9379-CVE-2024-9380-CVE-2024-9381

CVE-2024-9380 - Ivanti CSA before version 5.0.2 is vulnerable to OS command injection in the admin web console, enabling a remote authenticated attacker to execute remote code with admin privileges.

Product: Ivanti Endpoint Manager Cloud Services Appliance (CSA)

CVSS Score: 7.2

** KEV since 2024-10-09 **

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-9380

NVD References: https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-CSA-Cloud-Services-Appliance-CVE-2024-9379-CVE-2024-9380-CVE-2024-9381

CVE-2024-43572 - Microsoft Management Console Remote Code Execution Vulnerability

Product: Microsoft Windows 10 1809

CVSS Score: 7.8

** KEV since 2024-10-08 **

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-43572

NVD References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43572

CVE-2024-43573 - Windows MSHTML Platform Spoofing Vulnerability

Product: Microsoft Windows 10 22H2

CVSS Score: 8.1

** KEV since 2024-10-08 **

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-43573

NVD References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43573

CVE-2024-41798 - SENTRON 7KM PAC3200 (All versions) devices are vulnerable to unauthorized administrative access through the Modbus TCP interface due to a weak 4-digit PIN protection.

Product: Siemens SENTRON 7KM PAC3200

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-41798

NVD References: https://cert-portal.siemens.com/productcert/html/ssa-850560.html

CVE-2024-47553 - Siemens SINEC Security Monitor (< V4.9.0) allows authenticated attackers to execute arbitrary code with root privileges through insufficient validation of user input in the 'ssmctl-client' command.

Product: Siemens SINEC Security Monitor

CVSS Score: 9.9

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-47553

NVD References: https://cert-portal.siemens.com/productcert/html/ssa-430425.html

CVE-2024-8911 - The LatePoint plugin for WordPress is vulnerable to Arbitrary User Password Change via SQL Injection in versions up to, and including, 5.0.11, allowing unauthenticated attackers to potentially take over administrator accounts.

Product: LatePoint plugin for WordPress

Active Installations: unknown

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-8911

NVD References:

- https://wpdocs.latepoint.com/changelog/

- https://www.wordfence.com/threat-intel/vulnerabilities/id/5c9a23a3-5eb5-4f5b-bf32-c9d163426f29?source=cve

CVE-2024-8943 - The LatePoint plugin for WordPress is vulnerable to authentication bypass up to version 5.0.12, allowing unauthenticated attackers to log in as any existing user on the site if they have access to the user id.

Product: LatePoint plugin for WordPress

Active Installations: unknown

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-8943

NVD References:

- https://wpdocs.latepoint.com/changelog/

- https://www.wordfence.com/threat-intel/vulnerabilities/id/bac8c35b-2afa-4347-b86e-2f16db19a4d3?source=cve

CVE-2024-9518 - The UserPlus plugin for WordPress allows unauthenticated attackers to escalate their privileges by manipulating user role parameters during registration.

Product: WP UserPlus plugin

Active Installations: This plugin has been closed as of October 8, 2024 and is not available for download. This closure is temporary, pending a full review.

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-9518

NVD References:

- https://plugins.trac.wordpress.org/browser/userplus/trunk/functions/user-functions.php?rev=1604604#L47

- https://www.wordfence.com/threat-intel/vulnerabilities/id/2489e649-27f7-4ca0-8655-0957016fa89a?source=cve

CVE-2024-9796 - The WP-Advanced-Search WordPress plugin is vulnerable to SQL injection attacks due to lack of sanitization in the t parameter before using it in a SQL statement.

Product: Internet-Formation Wp-Advanced-Search

Active Installations: unknown

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-9796

NVD References: https://wpscan.com/vulnerability/2ddd6839-6bcb-4bb8-97e0-1516b8c2b99b/

CVE-2024-9822 - The Pedalo Connector plugin for WordPress is vulnerable to authentication bypass up to version 2.0.5, allowing unauthenticated attackers to log in as the first user, often the administrator.

Product: Wordpress Pedalo Connector plugin

Active Installations: This plugin has been closed as of October 10, 2024 and is not available for download. This closure is permanent. Reason: Author Request.

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-9822

NVD References:

- https://plugins.trac.wordpress.org/browser/pedalo-connector/tags/2.0.5/public/class-pedalo_connector-public.php#L118

- https://www.wordfence.com/threat-intel/vulnerabilities/id/6ab0d342-bfa7-4760-b839-37c3354414ca?source=cve

CVE-2024-9234 - The GutenKit plugin for WordPress allows unauthenticated attackers to upload arbitrary files through a missing capability check in the install-active-plugin REST API endpoint.

Product: The GutenKit Page Builder Blocks

Active Installations: 9,000+

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-9234

NVD References:

- https://github.com/WordPressBugBounty/plugins-gutenkit-blocks-addon/blob/dc3738bb821cf1d93a11379b8695793fa5e1b9e6/gutenkit-blocks-addon/includes/Admin/Api/ActivePluginData.php#L76

- https://plugins.trac.wordpress.org/browser/gutenkit-blocks-addon/tags/2.1.0/includes/Admin/Api/ActivePluginData.php?rev=3159783#L76

- https://plugins.trac.wordpress.org/browser/gutenkit-blocks-addon/tags/2.1.1/includes/Admin/Api/ActivePluginData.php?rev=3164886

- https://www.wordfence.com/threat-intel/vulnerabilities/id/e44c5dc0-6bf6-417a-9383-b345ff57ac32?source=cve

CVE-2024-9707 - The Hunk Companion plugin for WordPress allows unauthorized plugin installation/activation through a missing capability check, posing a risk of remote code execution.

Product: ThemeHunk Hunk Companion plugin

Active Installations: 10,000+

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-9707

NVD References:

- https://github.com/WordPressBugBounty/plugins-hunk-companion/blob/5a3cedc7b3d35d407b210e691c53c6cb400e4051/hunk-companion/import/app/app.php#L46

- https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3166501%40hunk-companion&new=3166501%40hunk-companion&sfp_email=&sfph_mail=

- https://wordpress.org/plugins/hunk-companion/

- https://www.wordfence.com/threat-intel/vulnerabilities/id/9c101fca-037c-4bed-9dc7-baa021a8b59c?source=cve

CVE-2024-47331 - NinjaTeam Multi Step for Contact Form suffers from an SQL Injection vulnerability in versions up to 2.7.7.

Product: NinjaTeam Multi Step for Contact Form

Active Installations: 10,000+

CVSS Score: 9.3

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-47331

NVD References: https://patchstack.com/database/vulnerability/cf7-multi-step/wordpress-multi-step-for-contact-form-plugin-2-7-7-unauthenticated-sql-injection-vulnerability?_s_id=cve

CVE-2024-48033 - Talkback, by Elie Burstein and Baptiste Gourdin, is vulnerable to object injection due to deserialization of untrusted data in versions n/a through 1.0.

Product: Elie Burstein, Baptiste Gourdin, Talkback

Active Installations: unknown

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-48033

NVD References: https://patchstack.com/database/vulnerability/talkback-secure-linkback-protocol/wordpress-talkback-plugin-1-0-php-object-injection-vulnerability?_s_id=cve

CVE-2024-9047 - The WordPress File Upload plugin is vulnerable to Path Traversal, allowing unauthenticated attackers to read or delete files outside of the originally intended directory.

Product: WordPress File Upload plugin

Active Installations: 20,000+

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-9047

NVD References:

- https://plugins.trac.wordpress.org/changeset/3164449/wp-file-upload

- https://www.wordfence.com/threat-intel/vulnerabilities/id/554a314c-9e8e-4691-9792-d086790ef40f?source=cve

CVE-2024-9105 - The UltimateAI plugin for WordPress up to version 2.8.3 is vulnerable to authentication bypass, allowing unauthenticated attackers to log in as any existing user on the site.

Product: WordPress UltimateAI plugin

Active Installations: No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-9105

NVD References:

- https://codecanyon.net/item/ultimateai-ai-enhanced-wordpress-plugin-with-saas-for-content-code-chat-and-image-generation/51201953

- https://www.wordfence.com/threat-intel/vulnerabilities/id/c2475643-a0b4-444a-a2c6-a5c45e90e1dd?source=cve

CVE-2024-9634 - The GiveWP – Donation Plugin and Fundraising Platform for WordPress is vulnerable to PHP Object Injection and remote code execution through untrusted input in the give_company_name parameter.

Product: GiveWP Donation Plugin for WordPress

Active Installations: 100,000+

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-9634

NVD References:

- https://plugins.trac.wordpress.org/browser/give/tags/3.16.2/src/Donations/Repositories/DonationRepository.php?rev=3157829

- https://plugins.trac.wordpress.org/changeset/3166836/give/tags/3.16.4/includes/process-donation.php

- https://www.wordfence.com/threat-intel/vulnerabilities/id/b8eb3aa9-fe60-48b6-aa24-7873dd68b47e?source=cve

CVE-2024-47636 - Deserialization of Untrusted Data vulnerability in Eyecix JobSearch allows Object Injection. This issue affects JobSearch: from n/a through 2.5.9.

Product: Eyecix JobSearch

Active Installations: unknown

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-47636

NVD References: https://patchstack.com/database/vulnerability/wp-jobsearch/wordpress-wp-jobsearch-plugin-2-5-9-php-object-injection-vulnerability?_s_id=cve

CVE-2024-8884 - A vulnerability in the Schneider Electric System Monitor application could lead to the exposure of credentials if an attacker gains access to the application over HTTP.

Product: Schneider Electric System Monitor application of Harmony Industrial PC Series and Pro-face PS5000 trusted Legacy industrial PC Series products

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-8884

NVD References: https://download.schneider-electric.com/doc/SEVD-2024-282-07/SEVD-2024-282-07.pdf

CVE-2024-3057 - A flaw exists in Pure Storage FlashArray whereby a user can make a specific call to a FlashArray endpoint allowing privilege escalation.

Product: Pure Storage FlashArray

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-3057

NVD References: https://support.purestorage.com/category/m_pure_storage_product_security

CVE-2024-44349 - AnteeoWMS before v4.7.34 is vulnerable to a SQL injection attack in the login portal, allowing attackers to execute arbitrary SQL commands and access certain data in the database without authentication.

Product: Anteeo AnteeoWMS

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-44349

NVD References:

- https://blog.cybergon.com/posts/cve-2024-44349/

- https://cybergon.com/

- https://github.com/AndreaF17/PoC-CVE-2024-44349

CVE-2024-38124 - Windows Netlogon Elevation of Privilege Vulnerability

Product: Microsoft Windows Netlogon

CVSS Score: 9.0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-38124

NVD References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38124

CVE-2024-43468 - Microsoft Configuration Manager Remote Code Execution Vulnerability

Product: Microsoft Configuration Manager

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-43468

NVD References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43468

CVE-2024-45160 - LemonLDAP::NG 2.18.x and 2.19.x before 2.19.2 allows attackers to bypass OAuth2 client authentication by using an empty client_secret parameter.

Product: LemonLDAP::NG

CVSS Score: 9.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-45160

NVD References:

- https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/06d771cbc2d5c752354c50f83e4912e5879f9aa2

- https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/236cdfe42c1dc04a15a4a40c5e6a8c2e858d71d7

- https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/696f49a0855faeb271096dccb8381e2129687c3d

- https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/3223

- https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags

CVE-2023-46586 - Weborf's cgi.c versions 0.17 through 0.20 do not properly terminate paths for CGI scripts, leading to potential security issues.

Product: Weborf cgi.c

CVSS Score: 9.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-46586

NVD References:

- https://github.com/ltworf/weborf/commit/49824204add55aab0568d90a6b1e7c822d32120d

- https://github.com/ltworf/weborf/commit/6f83c3e9ceed8b0d93608fd5d42b53c081057991

- https://github.com/ltworf/weborf/pull/88

- https://github.com/ltworf/weborf/pull/88/commits/7057d254b734dfc9cfb58983f901aa6ec3c94fd4

CVE-2024-25825 - FydeOS products were found to have a root password saved as a wildcard, enabling attackers to easily gain root access.

Product: FydeOS

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-25825

NVD References:

- https://fydeos.io/

- https://gist.github.com/hchasens/d20dff418f6908dc96e65f4e43a058f1

- https://github.com/openFyde/

- https://openfyde.io/

CVE-2024-45746 - Trusted Firmware-M through 2.1.0 allows for remote code execution due to unchecked pointers in user-provided mailbox messages.

Product: Arm Trusted Firmware-M

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-45746

NVD References:

- https://trustedfirmware-m.readthedocs.io/en/latest/security/security_advisories/user_pointers_mailbox_vectors_vulnerability.html

- https://www.trustedfirmware.org/projects/tf-m/

CVE-2024-9465 - Palo Alto Networks Expedition is vulnerable to an SQL injection, enabling unauthenticated attackers to access sensitive database information and exploit system files.

Product: Palo Alto Networks Expedition

CVSS Score: 9.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-9465

NVD References: https://security.paloaltonetworks.com/PAN-SA-2024-0010

CVE-2024-48949 - The verify function in lib/elliptic/eddsa/index.js in the Elliptic package before 6.5.6 for Node.js omits "sig.S().gte(sig.eddsa.curve.n) || sig.S().isNeg()" validation.

Product: Indutny Elliptic

CVSS Score: 9.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-48949

NVD References:

- https://github.com/indutny/elliptic/commit/7ac5360118f74eb02da73bdf9f24fd0c72ff5281

- https://github.com/indutny/elliptic/compare/v6.5.5...v6.5.6

CVE-2024-9798 - The health endpoint in Spring Boot is public in the vulnerable product, exposing a list of all services and providing potentially valuable information for attackers.

Product: Spring Boot

CVSS Score: 9.0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-9798

NVD References: https://github.com/zowe/api-layer

CVE-2024-45115 - Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Authentication vulnerability allowing attackers to gain unauthorized access or elevated privileges without user interaction.

Product: Adobe Commerce

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-45115

NVD References: https://helpx.adobe.com/security/products/magento/apsb24-73.html

CVE-2024-9201 - The SEUR plugin is vulnerable to time-based SQL injection through the 'id_order' parameter of the '/modules/seur/ajax/saveCodFee.php' endpoint in versions prior to 2.5.11.

Product: SEUR plugin

CVSS Score: 9.4

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-9201

NVD References: https://www.incibe.es/en/incibe-cert/notices/aviso/sql-injection-vulnerability-seur-plugin

CVE-2024-9794 - Codezips Online Shopping Portal 1.0 is vulnerable to a critical unrestricted upload issue in /update-image1.php, allowing for remote initiation of attacks.

Product: Codezips Online Shopping Portal

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-9794

NVD References:

- https://github.com/ppp-src/CVE/issues/7

- https://vuldb.com/?ctiid.279947

- https://vuldb.com/?id.279947

- https://vuldb.com/?submit.417583

CVE-2024-9813 - Codezips Pharmacy Management System 1.0 is vulnerable to SQL injection through manipulation of the argument category in product/register.php, allowing remote attackers to exploit the system.

Product: Codezips Pharmacy Management System

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-9813

NVD References:

- https://github.com/ppp-src/CVE/issues/10

- https://vuldb.com/?ctiid.279965

- https://vuldb.com/?id.279965

- https://vuldb.com/?submit.418904

CVE-2024-9811 - Restaurant Reservation System 1.0 is vulnerable to remote SQL injection through the manipulation of the argument company in filter3.php, with the exploit publicly disclosed.

Product: Code-Projects Restaurant Reservation System

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-9811

NVD References:

- https://code-projects.org/

- https://github.com/ppp-src/a/issues/24

- https://vuldb.com/?ctiid.279963

- https://vuldb.com/?id.279963

- https://vuldb.com/?submit.418728

CVE-2024-9812 - Crud Operation System 1.0 is vulnerable to a critical SQL injection flaw in delete.php's sid argument, allowing for remote attacks.

Product: Code-Projects Crud Operation System

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-9812

NVD References:

- https://code-projects.org/

- https://github.com/ppp-src/a/issues/25

- https://vuldb.com/?ctiid.279964

- https://vuldb.com/?id.279964

- https://vuldb.com/?submit.418729

CVE-2024-21534 - jsonpath-plus versions before 10.0.0 are vulnerable to Remote Code Execution (RCE) through unsafe default usage of vm in Node, allowing attackers to execute arbitrary code on the system.

Product: jsonpath-plus

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-21534

NVD References:

- https://github.com/JSONPath-Plus/JSONPath/commit/6b2f1b4c234292c75912b790bf7e2d7339d4ccd3

- https://security.snyk.io/vuln/SNYK-JS-JSONPATHPLUS-7945884

CVE-2024-47830 - Plane is vulnerable to wildcard support exploitation, allowing attackers to manipulate server requests through image retrieval.

Product: Plane

CVSS Score: 9.3

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-47830

NVD References:

- https://github.com/makeplane/plane/commit/b9f78ba42b70461c8c1d26638fa8b9beef6a96a1

- https://github.com/makeplane/plane/security/advisories/GHSA-39gx-38xf-c348

CVE-2024-47875 - DOMpurify had a nesting-based mXSS vulnerability that was fixed in versions 2.5.0 and 3.1.3.

Product: DOMpurify

CVSS Score: 10.0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-47875

NVD References:

- https://github.com/cure53/DOMPurify/blob/0ef5e537a514f904b6aa1d7ad9e749e365d7185f/test/test-suite.js#L2098

- https://github.com/cure53/DOMPurify/commit/0ef5e537a514f904b6aa1d7ad9e749e365d7185f

- https://github.com/cure53/DOMPurify/commit/6ea80cd8b47640c20f2f230c7920b1f4ce4fdf7a

- https://github.com/cure53/DOMPurify/security/advisories/GHSA-gx9m-whjm-85jf

CVE-2024-46088 - Zhejiang University Entersoft Customer Resource Management System v2002 to v2024 is vulnerable to arbitrary file uploads, allowing attackers to execute arbitrary code.

Product: Zhejiang University Entersoft Customer Resource Management System

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-46088

NVD References:

- http://zhejiang.com

- https://periwinkle-brother-031.notion.site/Analysis-of-any-file-upload-vulnerability-of-Zhejiang-University-Entersoft-Customer-Resource-Managem-0f88a0e77d6f4f638bc3c4e508a1e0ed

- https://www.entersoft.cn/

CVE-2024-48769 - An issue in BURG-WÄCHTER KG de.burgwachter.keyapp.app 4.5.0 allows a remote attacker to obtain sensitive information via the firmware update process.

Product: BURG-WÄCHTER KG de.burgwachter.keyapp.app

CVSS Score: 9.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-48769

NVD References:

- http://burg-wchter.com

- http://deburgwachterkeyappapp.com

- https://github.com/HankJames/Vul-Reports/blob/main/FirmwareLeakage/de.burgwachter.keyapp.app/de.burgwachter.keyapp.md

CVE-2024-48778 - GIANT MANUFACTURING CO., LTD RideLink 2.0.7 allows remote attackers to access sensitive information during firmware updates.

Product: GIANT MANUFACTURING CO. LTD, RideLink

CVSS Score: 9.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-48778

NVD References:

- http://giant.com

- http://ridelink.com

- https://github.com/HankJames/Vul-Reports/blob/main/FirmwareLeakage/tw.giant.ridelink/tw.giant.ridelink.md

CVE-2024-48784 - SAMPMAX com.sampmax.homemax 2.1.2.7 allows a remote attacker to access sensitive information during firmware updates.

Product: SAMPMAX homemax

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-48784

NVD References:

- http://comsampmaxhomemax.com

- http://sampmax.com

- https://github.com/HankJames/Vul-Reports/blob/main/FirmwareLeakage/com.sampmax.homemax/com.sampmax.homemax.md

CVE-2024-48786 - SwitchBot INC SwitchBot 5.0.4 allows a remote attacker to access sensitive information during firmware updates.

Product: SwitchBot

CVSS Score: 9.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-48786

NVD References:

- http://switchbot.com

- https://github.com/HankJames/Vul-Reports/blob/main/FirmwareLeakage/com.theswitchbot.switchbot/com.theswitchbot.switchbot.md

CVE-2024-48787 - Revic Optics Revic Ops 1.12.5 allows a remote attacker to obtain sensitive information through the firmware update process.

Product: Revic Optics Revic Ops

CVSS Score: 9.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-48787

NVD References:

- http://revic.com

- https://github.com/HankJames/Vul-Reports/blob/main/FirmwareLeakage/us.revic.revicops/us.revic.revicops.md

CVE-2024-48772 - An issue in C-CHIP (com.cchip.cchipamaota) v.1.2.8 allows a remote attacker to obtain sensitive information via the firmware update process.

Product: C-CHIP cchipamaota

CVSS Score: 9.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-48772

NVD References:

- http://comcchipcchipamaota.com

- http://www.c-chip.com.cn/english/

- https://github.com/HankJames/Vul-Reports/blob/main/FirmwareLeakage/com.cchip.cchippamaota/com.cchip.cchipamaota.md

CVE-2024-9921 - TEAMPLUS TECHNOLOGY's The Team+ does not properly validate a specific page parameter, allowing unauthenticated remote attackers to inject arbitrary SQL commands.

Product: TEAMPLUS TECHNOLOGY The Team+

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-9921

NVD References:

- https://www.twcert.org.tw/en/cp-139-8125-4a1ad-2.html

- https://www.twcert.org.tw/tw/cp-132-8124-d9b92-1.html

CVE-2024-9924 - OAKlouds from Hgiga remains vulnerable to unauthenticated remote attackers downloading arbitrary system files despite the incomplete fix for CVE-2024-26261.

Product: Hgiga OAKlouds

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-9924

NVD References:

- https://www.twcert.org.tw/en/cp-139-8131-0b5e1-2.html

- https://www.twcert.org.tw/tw/cp-132-8130-89bb1-1.html

CVE-2024-9137 - Moxa service in the affected product lacks an authentication check, allowing attackers to execute commands and compromise the system.

Product: Moxa Service

CVSS Score: 9.4

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-9137

NVD References: https://www.moxa.com/en/support/product-support/security-advisory/mpsa-241154-missing-authentication-and-os-command-injection-vulnerabilities-in-routers-and-network-security-appliances

CVE-2024-48150 - D-Link DIR-820L 1.05B03 has a stack overflow vulnerability in the sub_451208 function.

Product: D-Link DIR-820L

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-48150

NVD References: https://github.com/fu37kola/cve/blob/main/D-Link/DIR-820L/D-Link%20DIR-820L%20Stack%20Overflow%20Vulnerability.md

CVE-2024-48168 - D-Link DCS-960L 1.09 is susceptible to a stack overflow vulnerability in its sub_402280 function of the HNAP service, enabling remote code execution.

Product: D-Link DCS-960L

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-48168

NVD References: https://github.com/fu37kola/cve/blob/main/D-Link/DCS-960L/D-Link%20DCS-960L%201.09%20Stack%20overflow_1.md

CVE-2024-46535 - Jepaas v7.2.8 was discovered to contain a SQL injection vulnerability via the orderSQL parameter at /homePortal/loadUserMsg.

Product: Jepaas v7.2.8

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-46535

NVD References: https://gitee.com/ketr/jepaas-release/issues/IAPJ8H?from=project-issue

CVE-2023-48082 - Nagios XI before 5.11.3 2024R1 is vulnerable to improperly generated API keys, potentially leading to authentication bypass for all users.

Product: Nagios XI

CVSS Score: 9.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-48082

NVD References: https://www.nagios.com/change-log/

CVE-2024-48823 - Local file inclusion in Automatic Systems Maintenance SlimLane 29565_d74ecce0c1081d50546db573a499941b10799fb7 allows a remote attacker to escalate privileges via the PassageAutoServer.php page.

Product: Automatic Systems Maintenance SlimLane

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-48823

NVD References: https://daly.wtf/multiple-vulnerabilities-discovered-in-automatic-systems-software/

CVE-2024-9972 - ChanGate's Property Management System is vulnerable to SQL Injection, enabling remote attackers to manipulate database contents without authentication.

Product: ChanGate Property Management System

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-9972

NVD References:

- https://www.twcert.org.tw/en/cp-139-8141-9b045-2.html

- https://www.twcert.org.tw/tw/cp-132-8140-ee91e-1.html

CVE-2024-9982 - AIM LINE Marketing Platform from Esi Technology is vulnerable to injection attacks, allowing unauthenticated remote attackers to manipulate database content when the LINE Campaign Module is enabled.

Product: Esi Technology AIM LINE Marketing Platform

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-9982

NVD References:

- https://www.twcert.org.tw/en/cp-139-8147-eb650-2.html

- https://www.twcert.org.tw/tw/cp-132-8146-497a2-1.html

CVE-2024-9925 - TAI Smart Factory's QPLANT SF version 1.0 is vulnerable to SQL injection, allowing remote attackers to retrieve database information via a specially crafted SQL query on the ‘email’ parameter.

Product: TAI Smart Factory QPLANT SF

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-9925

NVD References: https://incibe.es/en/incibe-cert/notices/aviso-sci/sql-injection-qplant-tai-smart-factory

CVE-2024-9984 - Ragic Enterprise Cloud Database allows unauthenticated remote attackers to obtain users' session cookies through specific functionality that is reachable without authentication.

Product: Ragic Enterprise Cloud Database

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-9984

NVD References:

- https://www.twcert.org.tw/en/cp-139-8151-1a4b5-2.html

- https://www.twcert.org.tw/tw/cp-132-8150-c955a-1.html

CVE-2024-9985 - Enterprise Cloud Database from Ragic allows attackers to upload a webshell and execute arbitrary code due to lack of file type validation.

Product: Ragic Enterprise Cloud Database

CVSS Score: 10.0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-9985

NVD References:

- https://www.twcert.org.tw/en/cp-139-8153-1120e-2.html

- https://www.twcert.org.tw/tw/cp-132-8152-09e81-1.html

CVE-2024-47945 - Rittal IoT Interface & CMC III Processing Unit devices are vulnerable to session hijacking due to predictable session IDs with insufficient entropy, allowing attackers to pre-generate valid IDs and gain unauthorized access to user sessions.

Product: Rittal IoT Interface & CMC III Processing Unit

CVSS Score: 9.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-47945

NVD References:

- https://r.sec-consult.com/rittaliot

- https://www.rittal.com/de-de/products/deep/3124300
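The Rittal entry above (CVE-2024-47945) and the Ragic cookie exposure (CVE-2024-9984) both come down to session identifiers an attacker can obtain without the user's cooperation. The following is an added example written for this digest, not code from Rittal or from the SEC Consult advisory. It uses a hypothetical weak scheme (a Mersenne Twister seeded from a timestamp, then hashed) to stand in for "predictable session IDs with insufficient entropy", shows the attacker-side pre-generation the advisory describes, and contrasts it with an ID drawn from the OS CSPRNG. The timestamps are constructed.

```python
# Added example, not code from Rittal or from the SEC Consult advisory.
# It contrasts a session ID derived from a time-seeded PRNG (a hypothetical
# weak scheme standing in for the one the advisory describes) with one
# drawn from the OS CSPRNG, and shows the attacker-side pre-generation.
import hashlib
import math
import random
import secrets


def weak_session_id(seed: int) -> str:
    """Hypothetical weak generator: Mersenne Twister seeded with a Unix
    timestamp. Anyone who can bound the seed reproduces the ID exactly."""
    rng = random.Random(seed)
    raw = rng.getrandbits(64).to_bytes(8, "big")
    # Hashing makes the ID *look* random but adds no entropy: the input
    # space is still just the set of plausible seeds.
    return hashlib.md5(raw).hexdigest()


def strong_session_id() -> str:
    """128 bits from the OS CSPRNG; not reproducible from any public state."""
    return secrets.token_hex(16)


def precompute_weak_ids(start_seed: int, window: int) -> set:
    """Attacker side: enumerate every ID the weak generator can emit for the
    seeds in [start_seed, start_seed + window), e.g. the seconds around a
    login the attacker observed on the network."""
    return {weak_session_id(s) for s in range(start_seed, start_seed + window)}


def hijack_possible(observed_ids, start_seed: int, window: int) -> bool:
    """True if any live session ID falls inside the pre-generated set."""
    return bool(precompute_weak_ids(start_seed, window) & set(observed_ids))


def effective_entropy_bits(seed_space_size: int) -> float:
    """Entropy of the weak scheme is log2(number of guessable seeds), no
    matter how long the hex string is (128 bits of MD5 output here)."""
    return math.log2(seed_space_size)


if __name__ == "__main__":
    login_time = 1_700_000_000                      # constructed timestamp
    victim = weak_session_id(login_time + 37)       # what the server issued
    # Attacker assumes the login happened within a two-minute window.
    print("weak ID hijackable:", hijack_possible([victim], login_time, 120))
    print("entropy of that window:", effective_entropy_bits(120), "bits")
    print("strong ID:", strong_session_id())
```

The point of `effective_entropy_bits` is the check worth running on any device-side token: a 32-hex-character ID has 128 bits of length, but if it is a deterministic function of a clock, a counter or a MAC address, its entropy is the logarithm of the number of inputs the attacker has to try, here under 7 bits for a two-minute window. Anything below the 64 bits OWASP recommends for session IDs should be treated as guessable.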

CVE-2024-9973 & CVE-2024-9974 - SourceCodester Online Eyewear Shop 1.0 critical SQL injection vulnerabilities

Product: Oretnom23 Online_Eyewear_Shop 1.0

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-9973

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-9974

NVD References:

- https://gist.github.com/higordiego/b9699573de61b26f2290e69f38d23fd0

- https://gist.github.com/higordiego/2373b9e3e89f03e5f8888efd38eb4b48

- https://vuldb.com/?ctiid.280338

- https://vuldb.com/?id.280338

- https://vuldb.com/?submit.423167

- https://vuldb.com/?ctiid.280339

- https://vuldb.com/?id.280339

- https://vuldb.com/?submit.423231

- https://www.sourcecodester.com/

CVE-2024-45274 - An unauthenticated remote attacker can execute OS commands via UDP on the affected industrial routers due to missing authentication.

Product: Industrial routers covered by CERT@VDE advisories VDE-2024-056 and VDE-2024-066 (see references)

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-45274

NVD References:

- https://cert.vde.com/en/advisories/VDE-2024-056

- https://cert.vde.com/en/advisories/VDE-2024-066

CVE-2024-45275 - The affected industrial routers ship with two hard-coded user accounts whose passwords are also hard-coded, allowing an unauthenticated remote attacker to take full control of the device.

Product: Industrial routers covered by CERT@VDE advisories VDE-2024-056 and VDE-2024-066 (see references)

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-45275

NVD References:

- https://cert.vde.com/en/advisories/VDE-2024-056

- https://cert.vde.com/en/advisories/VDE-2024-066

CVE-2024-48283 - Phpgurukul User Registration & Login and User Management System 3.2 is vulnerable to SQL Injection through the searchkey parameter in /admin//search-result.php.

Product: Phpgurukul User Management System

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-48283

NVD References: https://github.com/m14r41/Writeups/blob/main/CVE/phpGurukul/User%20Registration%20%26%20Login%20and%20User%20Management%20System%20With%20admin%20panel/SQL%20Injection%20-%20Search.md
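Six entries in this digest are SQL injection: Jepaas (CVE-2024-46535, via an `orderSQL` parameter), ChanGate (CVE-2024-9972), AIM LINE (CVE-2024-9982), QPLANT SF (CVE-2024-9925, via `email`), Online Eyewear Shop (CVE-2024-9973/9974) and phpGurukul (CVE-2024-48283, via `searchkey`). The following is an added example written for this digest, not code from any of those products. It reproduces the two injection shapes they describe, a search term spliced into a WHERE clause and a caller-supplied ORDER BY fragment, first as the vulnerable concatenation and then hardened. The second shape matters because an ORDER BY target is an identifier, which a bound parameter cannot carry, so the fix is an allow-list rather than a placeholder. Table and column names, rows and the secret value are constructed; it runs against an in-memory SQLite database.

```python
# Added example, not code from Jepaas, phpGurukul, or any other product
# listed here. It reproduces the two injection shapes those entries describe,
# a search term spliced into a WHERE clause (cf. 'searchkey', 'email') and a
# caller-supplied ORDER BY fragment (cf. 'orderSQL'), first as the vulnerable
# concatenation and then hardened. Table names, columns and rows are
# constructed; it runs against an in-memory SQLite database.
import sqlite3

ORDERABLE_COLUMNS = {"id", "username", "created_at"}   # ORDER BY allow-list


def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE users(id INTEGER PRIMARY KEY, username TEXT, created_at TEXT);
        INSERT INTO users VALUES (1, 'zed', '2024-01-01'), (2, 'alice', '2024-02-01');
        CREATE TABLE admin_secrets(id INTEGER PRIMARY KEY, api_key TEXT);
        INSERT INTO admin_secrets VALUES (1, 'sk_live_constructed_secret');
    """)
    return conn


def search_vulnerable(conn, searchkey: str, order_sql: str) -> list:
    """Both fragments are concatenated: the caller controls the statement."""
    sql = (f"SELECT id, username FROM users WHERE username LIKE '%{searchkey}%' "
           f"ORDER BY {order_sql}")
    return conn.execute(sql).fetchall()


def search_hardened(conn, searchkey: str, order_by: str, descending: bool = False) -> list:
    """The search term is bound as a parameter. ORDER BY names an identifier,
    which placeholders cannot carry, so it is checked against an allow-list
    and the direction is reduced to one of two fixed keywords."""
    if order_by not in ORDERABLE_COLUMNS:
        raise ValueError(f"unsupported sort column {order_by!r}")
    direction = "DESC" if descending else "ASC"
    sql = f"SELECT id, username FROM users WHERE username LIKE ? ORDER BY {order_by} {direction}"
    return conn.execute(sql, (f"%{searchkey}%",)).fetchall()


# --- attacker side -----------------------------------------------------------

UNION_PAYLOAD = "' UNION SELECT id, api_key FROM admin_secrets -- "


def leak_via_union(conn=None) -> list:
    """WHERE-clause injection: closes the quote, appends a UNION that pulls
    rows from another table, and comments out the trailing ORDER BY."""
    conn = conn or make_db()
    return [row[1] for row in search_vulnerable(conn, UNION_PAYLOAD, "id")]


def infer_via_order(condition_sql: str, conn=None) -> bool:
    """ORDER BY injection returns no extra rows, but the sort order leaks one
    bit per request: sort by username when the condition holds (alice first),
    by id otherwise (zed first). Repeating with substr() recovers a secret."""
    conn = conn or make_db()
    rows = search_vulnerable(
        conn, "", f"(CASE WHEN ({condition_sql}) THEN username ELSE id END)")
    return rows[0][1] == "alice"


def hardened_blocks_payloads(conn=None) -> bool:
    """The same payloads against the hardened query: the UNION text is just a
    string nobody's username contains, and the ORDER BY fragment is refused."""
    conn = conn or make_db()
    if search_hardened(conn, UNION_PAYLOAD, "id"):
        return False
    try:
        search_hardened(conn, "", "(CASE WHEN (1=1) THEN username ELSE id END)")
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    print("union leak:", leak_via_union())
    print("api_key starts with 'sk_live':",
          infer_via_order("(SELECT substr(api_key, 1, 7) FROM admin_secrets) = 'sk_live'"))
    print("hardened query blocks both payloads:", hardened_blocks_payloads())
```

The ORDER BY case is the one most often missed in code review: the parameter never appears inside quotes, so it "looks" safe, yet `infer_via_order` extracts the secret one comparison at a time with nothing in the response body but row order. Mapping a small set of client-facing sort keys to fixed column names is the only robust fix; escaping the identifier is not.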

CVE-2024-48914 - Vendure's asset server plugin, in versions prior to 3.0.5 and 2.3.3, is vulnerable to path traversal, allowing an attacker to read sensitive files on the server and potentially crash it.

Product: Vendure's asset server plugin

CVSS Score: 9.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-48914

NVD References:

- https://github.com/vendure-ecommerce/vendure/blob/801980e8f599c28c5059657a9d85dd03e3827992/packages/asset-server-plugin/src/plugin.ts#L352-L358

- https://github.com/vendure-ecommerce/vendure/commit/e2ee0c43159b3d13b51b78654481094fdd4850c5

- https://github.com/vendure-ecommerce/vendure/commit/e4b58af6822d38a9c92a1d8573e19288b8edaa1c

- https://github.com/vendure-ecommerce/vendure/security/advisories/GHSA-r9mq-3c9r-fmjq
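The Vendure entry above (CVE-2024-48914) and the SlimLane local file inclusion (CVE-2024-48823) are both path handling: a request string is joined onto a directory and the result is opened. The following is an added example written for this digest, not Vendure's code and not the project's fix. It maps a requested asset path onto a fixed base directory and rejects anything that resolves outside it, making the decision on the resolved path rather than by searching the string for `..`, which is what encoded and mixed-separator variants are designed to slip past. The base directory /srv/assets and the request strings are constructed.

```python
# Added example, not Vendure's code. Maps a requested asset path onto a fixed
# base directory and rejects anything that resolves outside it. The base
# directory /srv/assets and the request strings are constructed.
import os
import posixpath
from urllib.parse import unquote


class TraversalRejected(ValueError):
    pass


def resolve_asset_path(base_dir: str, requested: str) -> str:
    """Return the absolute path under base_dir for `requested`, or raise.

    Percent-decoding (twice, to catch %252e double encoding) and backslash
    normalisation happen before the check, and the decision is made on the
    fully resolved path rather than by looking for '..' in the string."""
    decoded = unquote(unquote(requested))
    if "\x00" in decoded:
        raise TraversalRejected("NUL byte in path")
    normalised = posixpath.normpath(decoded.replace("\\", "/"))
    base = os.path.realpath(base_dir)
    # os.path.join discards base when `normalised` is absolute, so an
    # absolute request also fails the containment check below. realpath
    # follows symlinks, so a link inside the asset root pointing outside it
    # is caught as well.
    candidate = os.path.realpath(os.path.join(base, normalised))
    if os.path.commonpath([base, candidate]) != base:
        raise TraversalRejected(f"request escapes asset root: {requested!r}")
    return candidate


def is_traversal(base_dir: str, requested: str) -> bool:
    """True if resolve_asset_path refuses the request."""
    try:
        resolve_asset_path(base_dir, requested)
    except TraversalRejected:
        return True
    return False


if __name__ == "__main__":
    for req in ["logo.png", "img/./logo.png", "img/../logo.png",
                "../../etc/passwd", "%2e%2e/%2e%2e/etc/passwd",
                "..%252f..%252fetc/passwd", "/etc/passwd",
                "..\\..\\etc\\passwd", "logo.png%00.jpg"]:
        print(f"{req!r:32} traversal: {is_traversal('/srv/assets', req)}")
```

Two design notes. Decoding twice is deliberate for a check, but a file whose legitimate name contains a literal `%25` would then be mis-resolved, so the decoded form should be used for the containment decision and the framework's single-decoded path for the actual open. And the containment check must run against the real, symlink-resolved base: comparing string prefixes on `/srv/assets` would let `/srv/assets-old/...` through.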

CVE-2024-21172 - Oracle Hospitality OPERA 5 is vulnerable to a difficult-to-exploit, unauthenticated network attack that can result in takeover of the system.

Product: Oracle Hospitality OPERA 5

CVSS Score: 9.0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-21172

NVD References: https://www.oracle.com/security-alerts/cpuoct2024.html

CVE-2024-21216 - The Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core) contains an easily exploitable vulnerability that allows an unauthenticated attacker with network access via T3 or IIOP to compromise the server and potentially take it over.

Product: Oracle WebLogic Server

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-21216

NVD References: https://www.oracle.com/security-alerts/cpuoct2024.html

CVE-2024-9486 - Kubernetes Image Builder enables default credentials during the image build process when using the Proxmox provider and leaves them in the resulting VM images, allowing root access to cluster nodes built from those images.

Product: Kubernetes Image Builder

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-9486

NVD References:

- https://github.com/kubernetes-sigs/image-builder/pull/1595

- https://github.com/kubernetes/kubernetes/issues/128006

- https://groups.google.com/g/kubernetes-security-announce/c/UKJG-oZogfA/m/Lu1hcnHmAQAJ
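The Kubernetes Image Builder entry above (CVE-2024-9486) and the hard-coded accounts in CVE-2024-45275 are the same failure at different stages: an account with a usable password that ships in the artifact. The following is an added example written for this digest, not code from the Image Builder project. It is the post-build check a pipeline would run against a freshly built node image: read `/etc/shadow` and `sshd_config` and flag any account whose password still works, then combine that with whether password authentication is reachable over SSH. The shadow entries and the sshd_config fragment below are constructed samples, not taken from any real image.

```python
# Added example, not code from Kubernetes Image Builder. A post-build check
# of the kind a pipeline would run against a freshly built node image: read
# /etc/shadow and sshd_config (sample contents constructed below) and flag
# any account that still has a usable password, since a build-time default
# credential that is not locked or removed is exactly what this CVE describes.
import re

# Constructed /etc/shadow: 'root', 'daemon', 'sshd' locked; 'builder' keeps a
# real-looking hash; 'nobody' has an empty password field.
SAMPLE_SHADOW = """\
root:*:19650:0:99999:7:::
daemon:*:19650:0:99999:7:::
sshd:!:19650:0:99999:7:::
builder:$6$c0nstructedsalt$c0nstructedhashc0nstructedhash:19650:0:99999:7:::
nobody::19650:0:99999:7:::
"""

# Constructed sshd_config fragment. The first line is a comment, so the
# OpenSSH default (PasswordAuthentication yes) applies globally.
SAMPLE_SSHD_CONFIG = """\
# PasswordAuthentication no
PermitRootLogin prohibit-password
Match User deploy
    PasswordAuthentication no
"""

LOCKED_PREFIXES = ("!", "*")


def usable_password_accounts(shadow_text: str) -> list:
    """Names of accounts whose password field permits a password login: either
    a hash not prefixed by '!' or '*' (the lock markers) or an empty field.
    An empty field only works over SSH with PermitEmptyPasswords yes, but it
    is still a local login with no password and is flagged."""
    flagged = []
    for line in shadow_text.splitlines():
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) < 2:
            continue
        name, pw = fields[0], fields[1]
        if pw == "" or not pw.startswith(LOCKED_PREFIXES):
            flagged.append(name)
    return flagged


def ssh_password_auth_enabled(sshd_config: str) -> bool:
    """sshd honours the first occurrence of a keyword, keywords are
    case-insensitive, and OpenSSH defaults PasswordAuthentication to yes.
    Only the global section (before the first Match block) is considered;
    Include directives and distro drop-in files are out of scope here."""
    for raw in sshd_config.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        if re.match(r"(?i)^match\b", line):
            break
        m = re.match(r"(?i)^passwordauthentication[\s=]+(\S+)", line)
        if m:
            return m.group(1).lower() != "no"
    return True  # not set globally: OpenSSH default is yes


def image_exposes_default_credentials(shadow_text: str, sshd_config: str) -> bool:
    """Remote exposure needs both: an account with a usable password and
    password authentication reachable over SSH."""
    return bool(usable_password_accounts(shadow_text)) and ssh_password_auth_enabled(sshd_config)


def remediation_commands(accounts) -> list:
    """shadow-utils commands to lock and expire each flagged account."""
    return [f"usermod --lock --expiredate 1970-01-02 {name}" for name in accounts]


if __name__ == "__main__":
    bad = usable_password_accounts(SAMPLE_SHADOW)
    print("accounts with usable passwords:", bad)
    print("sshd password auth:", ssh_password_auth_enabled(SAMPLE_SSHD_CONFIG))
    print("image exposes default credentials:",
          image_exposes_default_credentials(SAMPLE_SHADOW, SAMPLE_SSHD_CONFIG))
    print("\n".join(remediation_commands(bad)))
```

In a pipeline this runs by mounting the built image read-only and pointing the two functions at its `etc/shadow` and `etc/ssh/sshd_config`; a non-empty result from `usable_password_accounts` should fail the build. Locking is preferable to deleting the build account when the image's provisioning tooling still expects it to exist, and the expiry date closes the gap for services that check account expiry but not the lock marker.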