@RISK

The Consensus Security Vulnerability Alert

October 31, 2024  |  Vol. 24, Num. 43

Internet Storm Center Entries


ISC provides a free analysis and warning service to thousands of Internet users and organizations, and is actively working with Internet Service Providers to fight back against the most malicious attackers. https://isc.sans.edu/about.html

Apple Updates Everything

Published: 2024-10-28.

Last Updated: 2024-10-28 20:34:12 UTC

by Johannes Ullrich (Version: 1)

Today, Apple released updates for all of its operating systems. These updates include new AI features. For iOS 18 users, the only upgrade path is iOS 18.1, which includes the AI features. Same for users of macOS 15 Sequoia. For older operating systems versions (iOS 17, macOS 13, and 14), patches are made available, addressing only the security issues.

None of the vulnerabilities is marked as already exploited. The update fixes several lock screen bypass issues and cross-application/sandbox escape issues. Overall, I didn't spot a "must patch now" issue. Many of the lock screen bypass issues can often be eliminated.

Apple patched a total of 67 vulnerabilities.

Breakdown of vulnerabilities by operating system ...

Read the complete entry:

https://isc.sans.edu/diary/Apple+Updates+Everything/31390/

Development Features Enabled in Production

Published: 2024-10-24.

Last Updated: 2024-10-24 17:06:30 UTC

by Johannes Ullrich (Version: 1)

We do keep seeing attackers "poking around" looking for enabled development features. Developers often use these features and plugins to aid in debugging web applications. But if left behind, they may provide an attacker with insight into the application. In their simplest form, these features provide detailed configuration information. More severe cases may leak credentials or even provide full remote code execution access.

Here are some I noted today ...

Read the complete entry:

https://isc.sans.edu/diary/Development+Features+Enabled+in+Prodcution/31380/

Self-contained HTML phishing attachment using Telegram to exfiltrate stolen credentials (2024.10.28)

https://isc.sans.edu/diary/Selfcontained+HTML+phishing+attachment+using+Telegram+to+exfiltrate+stolen+credentials/31388/

Two currently (old) exploited Ivanti vulnerabilities (2024.10.27)

https://isc.sans.edu/diary/Two+currently+old+exploited+Ivanti+vulnerabilities/31384/

Recent CVEs

The list is assembled by pulling recent vulnerabilities from NIST NVD, Microsoft, Twitter mentions of vulnerabilities, ISC Diaries and Podcast, and the CISA list of known exploited vulnerabilities. There are also some unscored, but significant, vulnerabilities at the end. This includes vulnerabilities that have not been added to the NVD yet.

CVE-2024-38821 - Spring WebFlux applications with Spring Security authorization rules on static resources can be bypassed when certain conditions are met.

Product: Spring WebFlux

CVSS Score: 9.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-38821

ISC Podcast: https://isc.sans.edu/podcastdetail/9202

NVD References: https://spring.io/security/cve-2024-38821

CVE-2024-37383 - Roundcube Webmail before 1.5.7 and 1.6.x before 1.6.7 allows XSS via SVG animate attributes.

Product: Roundcube Webmail

CVSS Score: 0

** KEV since 2024-10-24 **

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-37383

ISC Podcast: https://isc.sans.edu/podcastdetail/9192

CVE-2024-47575 - FortiManager versions 7.6.0, 7.4.0 through 7.4.4, 7.2.0 through 7.2.7, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14, 6.2.0 through 6.2.12, Fortinet FortiManager Cloud versions 7.4.1 through 7.4.4, 7.2.1 through 7.2.7, and 7.0.1 through 7.0.13, 6.4.1 through 6.4.7 are vulnerable to a missing authentication flaw that allows an attacker to execute arbitrary code or commands via specially crafted requests.

Product: Fortinet FortiManager

CVSS Score: 9.8

** KEV since 2024-10-23 **

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-47575

NVD References: https://fortiguard.fortinet.com/psirt/FG-IR-24-423

CVE-2024-10327 - Okta Verify for iOS versions 9.25.1 and 9.27.0 allows push notification responses to override user selection, potentially compromising authentication.

Product: Okta Verify

CVSS Score: 8.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-10327

ISC Podcast: https://isc.sans.edu/podcastdetail/9198

NVD References:

- https://help.okta.com/en-us/content/topics/releasenotes/okta-verify-release-notes.htm#panel2

- https://trust.okta.com/security-advisories/okta-verify-for-ios-cve-2024-10327/

CVE-2024-40867 - iOS and iPadOS were vulnerable to a custom URL scheme handling issue, allowing remote attackers to escape the Web Content sandbox; fixed in version 18.1.

Product: Apple iOS and iPadOS

CVSS Score: 9.6

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-40867

ISC Diary: https://isc.sans.edu/diary/31390

NVD References: https://support.apple.com/en-us/121563

CVE-2024-44256 - macOS Ventura 13.7.1 and macOS Sonoma 14.7.1 fix an issue, through improved input sanitization, where an app could potentially break out of its sandbox.

Product: Apple macOS Ventura and macOS Sonoma

CVSS Score: 9.3

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-44256

ISC Diary: https://isc.sans.edu/diary/31390

NVD References:

- https://support.apple.com/en-us/121568

- https://support.apple.com/en-us/121570

CVE-2023-46805 - Ivanti Connect Secure and Policy Secure Authentication Bypass Vulnerability

Product: Ivanti Policy_Secure 22.6

CVSS Score: 0

** KEV since 2024-01-10 **

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-46805

ISC Diary: https://isc.sans.edu/diary/31384

CVE-2024-21887 - Ivanti Connect Secure and Policy Secure Command Injection Vulnerability

Product: Ivanti Policy_Secure 22.6

CVSS Score: 0

** KEV since 2024-01-10 **

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-21887

ISC Diary: https://isc.sans.edu/diary/31384

CVE-2024-20481 - Cisco's Remote Access VPN (RAVPN) service in ASA Software and FTD Software is vulnerable to a DoS attack through resource exhaustion caused by sending a large number of VPN authentication requests.

Product: Remote Access VPN (RAVPN) service of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software

CVSS Score: 5.8 (AtRiskScore 35)

** KEV since 2024-10-24 **

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-20481

NVD References: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-bf-dos-vDZhLqrW

CVE-2024-20329 - Cisco ASA Software is vulnerable to a flaw in the SSH subsystem that could enable an authenticated attacker to execute commands as root.

Product: Cisco Adaptive Security Appliance (ASA) Software

CVSS Score: 9.9

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-20329

NVD References:

- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-ssh-rce-gRAuPEUF

- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-xss-M446vbEO

- https://sec.cloudapps.cisco.com/security/center/viewErp.x?alertId=ERP-75300

CVE-2024-20412 - Cisco Firepower Threat Defense (FTD) Software for Cisco Firepower 1000, 2100, 3100, and 4200 Series is vulnerable to unauthorized access due to static credentials.

Product: Cisco Firepower Threat Defense (FTD) Software

CVSS Score: 9.3

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-20412

NVD References: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-statcred-dFC8tXT5

CVE-2024-20424 - Cisco Secure Firewall Management Center (FMC) Software is vulnerable to authenticated remote attackers executing arbitrary commands as root due to insufficient input validation in its web-based management interface.

Product: Cisco Secure Firewall Management Center (FMC) Software

CVSS Score: 9.9

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-20424

NVD References: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-cmd-inj-v3AWDqN7

CVE-2024-38002 - Liferay Portal and Liferay DXP versions 7.3.2 through 7.4.3.111 have a vulnerability that lets remote authenticated users modify workflow definitions and execute arbitrary code (RCE) via the headless API.

Product: Liferay Portal

CVSS Score: 9.0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-38002

NVD References: https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2024-38002

CVE-2024-8980 - The Script Console in Liferay Portal versions 7.0.0 through 7.4.3.101, and Liferay DXP versions 2023.Q3.1 through 2023.Q3.4, is vulnerable to Cross-Site Request Forgery (CSRF) attacks, enabling remote attackers to execute arbitrary Groovy script via a crafted URL or XSS vulnerability.

Product: Liferay Portal

CVSS Score: 9.6

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-8980

NVD References: https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2024-8980

CVE-2024-43177 - IBM Concert 1.0.0 and 1.0.1 are vulnerable to attacks that rely on the use of cookies without the SameSite attribute.

Product: IBM Concert

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-43177

NVD References: https://www.ibm.com/support/pages/node/7173596

CVE-2024-46538 - Pfsense v2.5.2 contains an XSS vulnerability in interfaces_groups_edit.php that permits execution of arbitrary web scripts or HTML by injecting a crafted payload into the $pconfig variable.

Product: Pfsense

CVSS Score: 9.3

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-46538

NVD References:

- https://github.com/physicszq/web_issue/blob/main/pfsense/interfaces_groups_edit_file.md_xss.md

- https://redmine.pfsense.org/issues/15778

CVE-2024-46902 - Trend Micro Deep Discovery Inspector versions 5.8 and above have a vulnerability that could disclose sensitive information if an attacker gains admin user rights on the target system.

Product: Trend Micro Deep Discovery Inspector

CVSS Score: 9.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-46902

NVD References:

- https://success.trendmicro.com/en-US/solution/KA-0017793

- https://www.zerodayinitiative.com/advisories/ZDI-24-1227/

CVE-2024-48904 - Trend Micro Cloud Edge is vulnerable to command injection, enabling remote execution of arbitrary code without authentication.

Product: Trend Micro Cloud Edge

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-48904

NVD References:

- https://success.trendmicro.com/en-US/solution/KA-0017998

- https://www.zerodayinitiative.com/advisories/ZDI-24-1418/

CVE-2024-26519 - Casa Systems NTC-221 version 2.0.99.0 and earlier allows remote attackers to execute arbitrary code through a crafted payload to the /www/cgi-bin/nas.cgi component.

Product: Casa Systems NTC-221

CVSS Score: 9.0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-26519

NVD References: https://cybercx.com.au/blog/zero-day-rce-in-netcomm-ntc-221-industrial-iot-m2m-lte-4g-router/

CVE-2024-40493 - Keith Cullen FreeCoAP 1.0 is vulnerable to a Null Pointer Dereference in the `coap_client_exchange_blockwise2` function, potentially leading to denial of service and arbitrary code execution through a crafted CoAP packet.

Product: Keith Cullen FreeCoAP

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-40493

NVD References:

- https://gist.github.com/dqp10515/fe80005e2fb58ed8ada178ac017e4ad4

- https://github.com/keith-cullen/FreeCoAP/issues/37

CVE-2024-40494 - FreeCoAP is vulnerable to a buffer overflow in coap_msg.c, enabling remote attackers to execute arbitrary code or trigger a denial of service by sending a specially crafted packet.

Product: FreeCoAP coap_msg.c

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-40494

NVD References:

- https://gist.github.com/dqp10515/e9d7d663cb89187bfe7b39bb3aeb0113

- https://github.com/dqp10515/security/tree/main/FreeCoAP_bug

CVE-2024-41717 - Kieback & Peter's DDC4000 series is susceptible to a path traversal vulnerability, enabling unauthenticated attackers to view system files.

Product: Kieback & Peter DDC4000 series

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-41717

NVD References: https://www.cisa.gov/news-events/ics-advisories/icsa-24-291-05

CVE-2024-43698 - Kieback & Peter's DDC4000 series is vulnerable to unauthenticated attackers gaining full admin rights due to weak credentials.

Product: Kieback & Peter DDC4000 series

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-43698

NVD References: https://www.cisa.gov/news-events/ics-advisories/icsa-24-291-05

CVE-2024-44812 - Online Complaint Site v.1.0 is vulnerable to SQL injection, allowing a remote attacker to escalate privileges by manipulating the username and password parameters in the /admin.index.php component.

Product: Janobe Online Complaint Site

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-44812

NVD References: https://github.com/b1u3st0rm/CVE-2024-44812-PoC

CVE-2024-46483 - Xlight FTP Server <3.9.4.3 is vulnerable to an integer overflow in its SFTP server, allowing for a heap overflow with attacker-controlled content.

Product: Xlight FTP Server

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-46483

NVD References: https://github.com/kn32/cve-2024-46483

CVE-2024-9947 - The ProfilePress Pro plugin for WordPress is vulnerable to authentication bypass, allowing unauthenticated attackers to log in as any existing user on the site.

Product: ProfilePress Pro plugin for WordPress

Active Installations: unknown

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-9947

NVD References:

- https://profilepress.com/

- https://www.wordfence.com/threat-intel/vulnerabilities/id/61b477c3-88b7-45a4-9fc4-6bca6f7c3604?source=cve

CVE-2024-47901 - InterMesh 7177 Hybrid 2.0 Subscriber and InterMesh 7707 Fire Subscriber are vulnerable to code execution through unfiltered input parameters in specific GET requests, potentially allowing remote attackers to execute arbitrary code with root privileges.

Product: Siemens InterMesh 7177 Hybrid

CVSS Score: 10.0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-47901

NVD References: https://cert-portal.siemens.com/productcert/html/ssa-333468.html

CVE-2024-49652 - ReneeCussack 3D Work In Progress allows attackers to upload a malicious web shell to a web server due to unrestricted file type upload vulnerability.

Product: ReneeCussack 3D Work In Progress

Active Installations: unknown

CVSS Score: 9.9

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-49652

NVD References: https://patchstack.com/database/vulnerability/renee-work-in-progress/wordpress-3d-work-in-progress-plugin-1-0-3-arbitrary-file-upload-vulnerability?_s_id=cve

CVE-2024-49653 - Portfolleo allows for unrestricted upload of files with dangerous types, allowing attackers to upload a web shell to a web server.

Product: James Eggers Portfolleo

Active Installations: unknown

CVSS Score: 9.9

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-49653

NVD References: https://patchstack.com/database/vulnerability/portfolleo/wordpress-portfolleo-plugin-1-2-arbitrary-file-upload-vulnerability?_s_id=cve

CVE-2024-49658 - Woocommerce Custom Profile Picture allows for unrestricted upload of dangerous files, potentially leading to the upload of a web shell on the web server.

Product: Ecomerciar Woocommerce Custom Profile Picture

Active Installations: unknown

CVSS Score: 9.9

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-49658

NVD References: https://patchstack.com/database/vulnerability/woo-custom-profile-picture/wordpress-woocommerce-custom-profile-picture-plugin-1-0-arbitrary-file-upload-vulnerability?_s_id=cve

CVE-2024-49668 - Verbalize WP allows unrestricted upload of dangerous files, potentially enabling attackers to upload a web shell to the server.

Product: Admin Verbalize WP

Active Installations: unknown

CVSS Score: 10.0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-49668

NVD References: https://patchstack.com/database/vulnerability/verbalize-wp/wordpress-verbalize-wp-plugin-1-0-arbitrary-file-upload-vulnerability?_s_id=cve

CVE-2024-49669 - INK Official allows for the unrestricted upload of dangerous file types, potentially enabling the upload of web shells to web servers, impacting versions from n/a through 4.1.2.

Product: Alexander De Ridder INK Official

Active Installations: unknown

CVSS Score: 9.9

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-49669

NVD References: https://patchstack.com/database/vulnerability/ink-official/wordpress-ink-official-plugin-4-1-2-arbitrary-file-upload-vulnerability?_s_id=cve

CVE-2024-49671 - AI Image Generator for Your Content & Featured Images – AI Postpix allows unrestricted upload of dangerous file types, potentially enabling attackers to upload web shells to a web server.

Product: Dogu Pekgoz AI Image Generator for Your Content & Featured Images – AI Postpix

Active Installations: unknown

CVSS Score: 9.9

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-49671

NVD References: https://patchstack.com/database/vulnerability/ai-postpix/wordpress-ai-postpix-plugin-1-1-8-arbitrary-file-upload-vulnerability?_s_id=cve

CVE-2024-48538 - Neye3C v4.5.2.0 has incorrect access control, allowing attackers to access sensitive information through the firmware update and download processes.

Product: Neye3C

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-48538

NVD References:

- http://neye3c.com

- http://www.netdvr.cn/page6

- https://github.com/HankJames/Vul-Reports/blob/main/FirmwareLeakage/com.gooclient.anycam.neye3ctwo/com.gooclient.anycam.neye3ctwo.md

CVE-2024-48539 - Neye3C v4.5.2.0 was discovered to contain a hardcoded encryption key in the firmware update mechanism.

Product: Neye3C

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-48539

NVD References:

- http://neye3c.com

- http://www.netdvr.cn/page6

- https://github.com/HankJames/Vul-Reports/blob/main/FirmwareLeakage/com.gooclient.anycam.neye3ctwo/com.gooclient.anycam.neye3ctwo_key.md

CVE-2024-10335 - SourceCodester Garbage Collection Management System 1.0 is vulnerable to a critical SQL injection flaw in the login.php file, allowing remote attackers to manipulate the username/password argument.

Product: SourceCodester Garbage Collection Management System

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-10335

NVD References: https://github.com/tang-0717/VUL/blob/main/Garbage-Collection-Management-System-01.md

CVE-2024-10336 - SourceCodeHero Clothes Recommendation System 1.0 is vulnerable to a critical SQL injection in the Admin Login Page component's /admin/index.php file, allowing remote attackers to manipulate the argument t1 for unauthorized access.

Product: SourceCodeHero Clothes Recommendation System Project

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-10336

CVE-2024-48548 - Cloud Smart Lock v2.0.1 has a leaked URL in its APK file that allows attackers to bind physical devices through API calls using a brute-force attack.

Product: Cloud Smart Lock v2.0.1

CVSS Score: 9.3

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-48548

NVD References:

- https://cloudsmartlock.com/m/app.html

- https://github.com/HankJames/Vul-Reports/blob/main/FirmwareLeakage/com.seamooncloud.cloudsmartlock/com.seamooncloud.cloudsmartlock.md

CVE-2024-46478 - HTMLDOC v1.9.18 contains a buffer overflow in the parse_pre function (ps-pdf.cxx:5681).

Product: HTMLDOC v1.9.18

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-46478

NVD References:

- https://github.com/michaelrsweet/htmldoc/commit/683bec548e642cf4a17e003fb34f6bbaf2d27b98

- https://github.com/michaelrsweet/htmldoc/issues/529

CVE-2024-48143 - Digitory Multi Channel Integrated POS v1.0 lacks rate limiting in its OTP validation component, enabling attackers to flood the ordering system with excessive food orders.

Product: Digitory Multi Channel Integrated POS

CVSS Score: 9.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-48143

NVD References:

- https://digitory.com/multi-channel-integrated-pos/

- https://github.com/soursec/CVEs/tree/main/CVE-2024-48143

CVE-2024-48144 - Fusion Chat Chat AI Assistant Ask Me Anything v1.2.4.0 has a prompt injection vulnerability that enables attackers to access and steal all chat data between users and the AI assistant.

Product: Fusion Chat Chat AI Assistant Ask Me Anything

CVSS Score: 9.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-48144

NVD References:

- https://apps.microsoft.com/detail/9n3ff8j3d7zr?hl=en-US&gl=US

- https://github.com/soursec/CVEs/tree/main/CVE-2024-48144

CVE-2024-48145 - Netangular Technologies ChatNet AI Version v1.0 is vulnerable to prompt injection, enabling attackers to access and steal all chat data exchanged with the AI assistant.

Product: Netangular Technologies ChatNet AI

CVSS Score: 9.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-48145

NVD References:

- https://apps.microsoft.com/detail/9n3zxd05895t?hl=en-us&gl=US

- https://github.com/soursec/CVEs/tree/main/CVE-2024-48145

CVE-2024-47883 - The OpenRefine fork of the MIT Simile Butterfly server is vulnerable to remote code execution and server-side request forgery prior to version 1.2.6.

Product: OpenRefine Butterfly

CVSS Score: 9.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-47883

NVD References:

- https://github.com/OpenRefine/simile-butterfly/commit/537f64bfa72746f8b21d4bda461fad843435319c

- https://github.com/OpenRefine/simile-butterfly/security/advisories/GHSA-3p8v-w8mr-m3x8

CVE-2024-7763 - WhatsUp Gold versions released before 2024.0.0 have an Authentication Bypass issue that enables attackers to access encrypted user credentials.

Product: WhatsUp Gold

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-7763

NVD References:

- https://community.progress.com/s/article/WhatsUp-Gold-Security-Bulletin-August-2024

- https://www.progress.com/network-monitoring

CVE-2024-41617 - Money Manager EX WebApp (web-money-manager-ex) 1.2.2 is vulnerable to Incorrect Access Control, allowing unauthenticated attackers to upload and potentially execute arbitrary files.

Product: Money Manager EX WebApp

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-41617

NVD References:

- https://github.com/moneymanagerex/web-money-manager-ex/commit/f2850b295ee21bc299799343a3bc4d004d05651d

- https://github.com/moneymanagerex/web-money-manager-ex/issues/51

- https://github.com/moneymanagerex/web-money-manager-ex/releases/tag/v1.2.3

- https://youtu.be/JaOrlT9G3yo?t=88

CVE-2024-41618 - Money Manager EX WebApp (web-money-manager-ex) 1.2.2 has an SQL Injection vulnerability in the `transaction_delete_group` function due to improper sanitization of user input.

Product: Money Manager EX WebApp

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-41618

NVD References:

- https://github.com/moneymanagerex/web-money-manager-ex/commit/f2850b295ee21bc299799343a3bc4d004d05651d

- https://github.com/moneymanagerex/web-money-manager-ex/issues/51

- https://github.com/moneymanagerex/web-money-manager-ex/releases/tag/v1.2.3

- https://www.youtube.com/watch?v=JaOrlT9G3yo

CVE-2024-9488 - The Comments – wpDiscuz plugin for WordPress is vulnerable to authentication bypass, allowing unauthenticated attackers to log in as any existing user on the site up to version 7.6.24.

Product: WordPress wpDiscuz plugin

Active Installations: 80,000+

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-9488

NVD References:

- https://plugins.trac.wordpress.org/browser/wpdiscuz/trunk/forms/wpdFormAttr/Login/SocialLogin.php

- https://plugins.trac.wordpress.org/changeset/3164486/

- https://www.wordfence.com/threat-intel/vulnerabilities/id/b71706a7-e101-4d50-a2da-1aeeaf07cf4b?source=cve

CVE-2024-47406 - Sharp and Toshiba Tec MFPs improperly process HTTP authentication requests, resulting in an authentication bypass vulnerability.

Product: Sharp Toshiba Tec

CVSS Score: 9.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-47406

NVD References:

- https://global.sharp/products/copier/info/info_security_2024-10.html

- https://jvn.jp/en/vu/JVNVU95063136/

- https://www.toshibatec.com/information/20241025_01.html

CVE-2022-30355 & CVE-2022-30357 - OvalEdge 5.2.8.0 and earlier is susceptible to Account Takeover vulnerabilities requiring authentication via a POST request to /profile/updateProfile.

Product: OvalEdge Profile Manager

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2022-30355

NVD: https://nvd.nist.gov/vuln/detail/CVE-2022-30357

NVD References:

- https://cve.offsecguy.com/ovaledge/vulnerabilities/account-takeover#cve-2022-30355

- https://cve.offsecguy.com/ovaledge/vulnerabilities/account-takeover#cve-2022-30357

CVE-2024-48204 - Hanzhou Haobo network management system 1.0 is vulnerable to SQL injection, enabling remote attackers to execute arbitrary code using a crafted script.

Product: Hanzhou Haobo network management system 1.0

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-48204

NVD References: https://gist.github.com/NasYangh/161618e4552ca40ad1ac25b4d673bfcf

CVE-2024-48579 - Best House rental management system project in php v.1.0 is vulnerable to SQL Injection through the username parameter in login requests, enabling remote attackers to execute arbitrary code.

Product: Best House rental management system project

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-48579

NVD References: https://github.com/baineoli/CVE/blob/main/2024/house%20rental%20management%20system%20-%20SQL%20Injection%20%28Admin%20Login%29.md

CVE-2024-48580 & CVE-2024-48581 - Best courier management system in php v.1.0 vulnerabilities allow remote attackers to execute arbitrary code.

Product: Best courier management system in php v.1.0

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-48580

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-48581

NVD References: https://github.com/baineoli/CVE/blob/main/2024/courier%20management%20system%20-%20SQL%20Injection%20%28Admin%20Login%29.md

CVE-2024-10386 - Rockwell Automation ThinManager® is vulnerable to authentication attacks that could result in database manipulation through crafted messages sent over the network.

Product: Rockwell Automation ThinManager®

CVSS Score: 9.8 (AtRiskScore 30)

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-10386

NVD References: https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1708.html

CVE-2024-37846 - MangoOS before 5.2.0 was discovered to contain a Client-Side Template Injection (CSTI) vulnerability via the Platform Management Edit page.

Product: MangoOS before 5.2.0

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-37846

NVD References:

- https://github.com/herombey/Disclosures/blob/main/CVE-2024-37846-CSTI.pdf

- https://github.com/herombey/Disclosures/tree/main

CVE-2024-37847 - MangoOS and Mango API versions before 5.1.4 and 4.5.5, respectively, are vulnerable to arbitrary file upload attacks that enable remote code execution.

Product: MangoOS

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-37847

NVD References:

- https://github.com/herombey/Disclosures/blob/main/CVE-2024-37847%20File%20Upload%20Path%20Traversal.pdf

- https://github.com/herombey/Disclosures/tree/main

CVE-2024-48218, CVE-2024-48222, CVE-2024-48223, CVE-2024-48226, CVE-2024-48229, & CVE-2024-48230 - Funadmin v5.0.2 has multiple SQL injection vulnerabilities in /curd/table/list.

Product: Funadmin v5.0.2

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-48218

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-48222

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-48223

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-48226

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-48229

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-48230

NVD References:

- https://github.com/funadmin/funadmin/issues/21

- https://github.com/funadmin/funadmin/issues/22

- https://github.com/funadmin/funadmin/issues/23

- https://github.com/funadmin/funadmin/issues/26

- https://github.com/funadmin/funadmin/issues/28

- https://github.com/funadmin/funadmin/issues/30

CVE-2024-48225 - Funadmin v5.0.2 has an arbitrary file deletion vulnerability in /curd/index/delfile.

Product: Funspot Funadmin

CVSS Score: 9.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-48225

NVD References: https://github.com/funadmin/funadmin/issues/25

CVE-2024-47821 - pyLoad Download Manager allows for remote code execution on versions prior to 0.5.0b3.dev87 by uploading an executable file to the `/scripts` folder and triggering a specific action.

Product: pyLoad Download Manager

CVSS Score: 9.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-47821

NVD References: https://github.com/pyload/pyload/security/advisories/GHSA-w7hq-f2pj-c53g

CVE-2024-9930 - The Extensions by HocWP Team plugin for WordPress is vulnerable to authentication bypass up to version 0.2.3.2, allowing unauthenticated attackers to log in as any existing user on the site.

Product: HocWP Team Extensions by HocWP Team plugin

Active Installations: This plugin has been closed as of October 25, 2024 and is not available for download. This closure is temporary, pending a full review.

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-9930

NVD References:

- https://plugins.trac.wordpress.org/browser/sb-core/trunk/ext/account.php?rev=2715527#L374

- https://www.wordfence.com/threat-intel/vulnerabilities/id/ca3775db-0722-4090-924e-81e38d5dce97?source=cve

CVE-2024-9931 - The Wux Blog Editor plugin for WordPress up to version 3.0.0 is vulnerable to authentication bypass, allowing unauthenticated attackers to log in as the first administrator user.

Product: WordPress Wux Blog Editor plugin

Active Installations: This plugin has been closed as of October 25, 2024 and is not available for download. This closure is temporary, pending a full review.

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-9931

NVD References:

- https://plugins.trac.wordpress.org/browser/wux-blog-editor/tags/3.0.0/External_Post_Editor.php#L675

- https://www.wordfence.com/threat-intel/vulnerabilities/id/494ef738-c900-4d00-8739-3b261586d4ff?source=cve

CVE-2024-9932 - The Wux Blog Editor plugin for WordPress allows unauthenticated attackers to upload arbitrary files and potentially execute remote code.

Product: WordPress Wux Blog Editor plugin

Active Installations: This plugin has been closed as of October 25, 2024 and is not available for download. This closure is temporary, pending a full review.

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-9932

NVD References:

- https://plugins.trac.wordpress.org/browser/wux-blog-editor/tags/3.0.0/External_Post_Editor.php#L675

- https://www.wordfence.com/threat-intel/vulnerabilities/id/c2c0ab2d-1ba9-4a0a-b1fa-bacebe1034eb?source=cve

CVE-2024-9933 - The WatchTowerHQ plugin for WordPress is vulnerable to authentication bypass in versions up to 3.9.6, allowing unauthenticated attackers to log in as the administrator user.

Product: WatchTowerHQ WordPress plugin

Active Installations: This plugin has been closed as of October 25, 2024 and is not available for download. This closure is temporary, pending a full review.

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-9933

NVD References:

- https://plugins.trac.wordpress.org/browser/watchtowerhq/tags/3.9.6/src/Password_Less_Access.php#L56

- https://www.wordfence.com/threat-intel/vulnerabilities/id/50349086-e7b0-4f73-8722-1367cc05180e?source=cve

CVE-2024-9501 - The WP Social Login and Register Social Counter plugin for WordPress allows unauthenticated attackers to log in as any existing user on the site due to an authentication bypass vulnerability.

Product: WordPress WP Social Login and Register Social Counter plugin

Active Installations: 20,000+

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-9501

NVD References:

- https://plugins.trac.wordpress.org/browser/wp-social/tags/3.0.6/inc/admin-create-user.php#L205

- https://plugins.trac.wordpress.org/changeset/3173675/

- https://www.wordfence.com/threat-intel/vulnerabilities/id/a4294f5f-d989-4b97-88ee-4e94f4f7845a?source=cve

CVE-2024-10413 - SourceCodester Online Hotel Reservation System 1.0 allows remote attackers to perform an unrestricted file upload by manipulating the image argument in the file /guest/update.php.

Product: Janobe Online Hotel Reservation System

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-10413

NVD References: https://github.com/K1nako0/tmp_vuln11/blob/main/README.md

CVE-2024-10418 - Blood Bank Management System 1.0 is vulnerable to a critical SQL injection in the file /file/infoAdd.php, allowing remote attackers to exploit the bg argument.

Product: Fabianros Blood Bank Management System

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-10418

NVD References: https://gist.github.com/higordiego/25a103a1fe84c4db4530e68d2f998d11

CVE-2024-10420 - SourceCodester Attendance and Payroll System 1.0 is vulnerable to remote unrestricted file upload due to manipulation of the image argument in update.php.

Product: Nurhodelta17 Attendance And Payroll System

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-10420

NVD References: https://github.com/K1nako0/tmp_vuln12/blob/main/README.md

CVE-2024-10421 & CVE-2024-10422 - SourceCodester Attendance and Payroll System 1.0 critical SQL injection vulnerabilities

Product: Nurhodelta17 Attendance And Payroll System

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-10421

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-10422

NVD References: https://github.com/K1nako0/tmp_vuln13/blob/main/README.md

NVD References: https://github.com/K1nako0/tmp_vuln14/blob/main/README.md

CVE-2024-10423, CVE-2024-10424, & CVE-2024-10425 - Project Worlds Student Project Allocation System 1.0 is susceptible to critical SQL injection vulnerabilities

Product: Project Worlds Student Project Allocation System

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-10423

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-10424

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-10425

NVD References:

- https://github.com/jadu101/CVE/blob/main/phpgurukul_student_project_allocation_system_add_project_sqli.md

- https://github.com/jadu101/CVE/blob/main/phpgurukul_student_project_allocation_system_remove_project_sqli.md

- https://github.com/jadu101/CVE/blob/main/phpgurukul_student_project_allocation_system_move_up_project_sqli.md

CVE-2024-10440 - The eHDR CTMS from Sunnet is vulnerable to SQL Injection, enabling unauthenticated remote attackers to manipulate database contents.

Product: Sunnet eHDR CTMS

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-10440

NVD References:

- https://www.twcert.org.tw/en/cp-139-8169-0632f-2.html

- https://www.twcert.org.tw/tw/cp-132-8168-02720-1.html

CVE-2024-50450 - RealMag777 WordPress Meta Data and Taxonomies Filter (MDTF) is vulnerable to improper control of code generation, allowing code injection from versions n/a through 1.3.3.4.

Product: WordPress Meta Data And Taxonomies Filter

Active Installations: 1,000

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-50450

NVD References: https://patchstack.com/database/vulnerability/wp-meta-data-filter-and-taxonomy-filter/wordpress-mdtf-meta-data-and-taxonomies-filter-plugin-1-3-3-4-bypass-vulnerability-vulnerability?_s_id=cve

CVE-2024-50477 - Stacks Mobile App Builder allows an authentication bypass through an alternate path or channel, affecting versions up to 5.2.3.

Product: Stacks Mobile App Builder

Active Installations: unknown

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-50477

NVD References: https://patchstack.com/database/vulnerability/stacks-mobile-app-builder/wordpress-stacks-mobile-app-builder-plugin-5-2-3-account-takeover-vulnerability?_s_id=cve

CVE-2024-50486 - Acnoo Flutter API is vulnerable to Authentication Bypass through an alternate path or channel, impacting versions from n/a to 1.0.5.

Product: Acnoo Flutter API

Active Installations: unknown

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-50486

NVD References: https://patchstack.com/database/vulnerability/acnoo-flutter-api/wordpress-acnoo-flutter-api-plugin-1-0-5-account-takeover-vulnerability?_s_id=cve

CVE-2024-50487 - MaanStore API is vulnerable to authentication bypass via an alternate path or channel, impacting versions from n/a through 1.0.1.

Product: MaanTheme MaanStore API

Active Installations: unknown

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-50487

NVD References: https://patchstack.com/database/vulnerability/maanstore-api/wordpress-maanstore-api-plugin-1-0-1-account-takeover-vulnerability?_s_id=cve

CVE-2024-50489 - Realty Workstation is vulnerable to authentication bypass through an alternate path or channel, affecting versions from n/a through 1.0.45.

Product: Realty Workstation

Active Installations: unknown

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-50489

NVD References: https://patchstack.com/database/vulnerability/realty-workstation/wordpress-realty-workstation-plugin-1-0-45-account-takeover-vulnerability?_s_id=cve

CVE-2024-50498 - WP Query Console is vulnerable to Code Injection due to improper control of code generation, impacting versions from n/a through 1.0.

Product: Lubus WP Query Console

Active Installations: unknown

CVSS Score: 10.0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-50498

NVD References: https://patchstack.com/database/vulnerability/wp-query-console/wordpress-wp-query-console-plugin-1-0-remote-code-execution-rce-vulnerability?_s_id=cve

CVE-2024-50478 - Swoop 1-Click Login: Passwordless Authentication is vulnerable to an authentication bypass by primary weakness (broken authentication).

Product: Swoop 1-Click Login

Active Installations: unknown

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-50478

NVD References: https://patchstack.com/database/vulnerability/swoop-password-free-authentication/wordpress-1-click-login-passwordless-authentication-plugin-1-4-5-broken-authentication-vulnerability?_s_id=cve

CVE-2024-50479 - Mansur Ahamed Woocommerce Quote Calculator is vulnerable to Blind SQL Injection from versions n/a through 1.1.

Product: Mansur Ahamed Woocommerce Quote Calculator

Active Installations: unknown

CVSS Score: 9.3

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-50479

NVD References: https://patchstack.com/database/vulnerability/woo-quote-calculator-order/wordpress-woocommerce-quote-calculator-plugin-1-1-sql-injection-vulnerability?_s_id=cve

CVE-2024-50483 - An Authorization Bypass Through User-Controlled Key vulnerability in Meetup allows Privilege Escalation. This issue affects Meetup: from n/a through 0.1.

Product: Meetup

Active Installations: unknown

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-50483

NVD References: https://patchstack.com/database/vulnerability/meetup/wordpress-meetup-plugin-0-1-broken-authentication-vulnerability?_s_id=cve

CVE-2024-50491 - Micah Blu RSVP ME is vulnerable to SQL Injection from n/a through 1.9.9.

Product: Micah Blu RSVP ME

Active Installations: unknown

CVSS Score: 9.3

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-50491

NVD References: https://patchstack.com/database/vulnerability/rsvp-me/wordpress-rsvp-me-plugin-1-9-9-sql-injection-vulnerability?_s_id=cve

CVE-2024-50495 - WidgiLabs Plugin Propagator allows attackers to upload web shells due to an unrestricted file upload vulnerability.

Product: WidgiLabs Plugin Propagator

Active Installations: unknown

CVSS Score: 10.0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-50495

NVD References: https://patchstack.com/database/vulnerability/wp-propagator/wordpress-plugin-propagator-plugin-0-1-arbitrary-file-upload-vulnerability?_s_id=cve

CVE-2024-50496 - AR For WordPress is vulnerable to unrestricted file uploads of dangerous types, allowing an attacker to upload a web shell to a web server, affecting versions from n/a through 6.2.

Product: Web and Print Design AR For WordPress

Active Installations: unknown

CVSS Score: 10.0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-50496

NVD References: https://patchstack.com/database/vulnerability/ar-for-wordpress/wordpress-ar-for-wordpress-plugin-6-2-arbitrary-file-upload-vulnerability?_s_id=cve

CVE-2024-44217 - A permissions issue in iOS and iPadOS could allow password autofill to fill passwords after failed authentication; fixed in iOS and iPadOS 18 by removing the vulnerable code and adding additional checks.

Product: Apple iOS

CVSS Score: 9.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-44217

NVD References: https://support.apple.com/en-us/121250

CVE-2024-45656 - IBM Flexible Service Processor (FSP) has static credentials that can be exploited by network users to gain unauthorized service privileges.

Product: IBM Flexible Service Processor (FSP)

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-45656

NVD References: https://www.ibm.com/support/pages/node/7174183

CVE-2024-50480 - Azexo Marketing Automation by AZEXO allows attackers to upload a web shell to a web server due to an unrestricted upload of a file with a dangerous type.

Product: AZEXO Marketing Automation

Active Installations: unknown

CVSS Score: 9.9

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-50480

NVD References: https://patchstack.com/database/vulnerability/marketing-automation-by-azexo/wordpress-marketing-automation-by-azexo-plugin-1-27-80-arbitrary-file-upload-vulnerability?_s_id=cve

CVE-2024-50482 - Woocommerce Product Design allows for the unrestricted upload of dangerous file types, potentially enabling attackers to upload web shells to a web server.

Product: Chetan Khandla Woocommerce Product Design

Active Installations: unknown

CVSS Score: 10.0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-50482

NVD References: https://patchstack.com/database/vulnerability/woo-product-design/wordpress-woocommerce-product-design-plugin-1-0-0-arbitrary-file-upload-vulnerability?_s_id=cve

CVE-2024-50484 - Multi Purpose Mail Form is vulnerable to unrestricted file upload, which can allow attackers to upload a web shell onto a web server.

Product: mahlamusa Multi Purpose Mail Form

Active Installations: unknown

CVSS Score: 10.0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-50484

NVD References: https://patchstack.com/database/vulnerability/multi-purpose-mail-form/wordpress-multi-purpose-mail-form-plugin-1-0-2-arbitrary-file-upload-vulnerability?_s_id=cve

CVE-2024-50493 - Automatic Translation: Unrestricted uploading of dangerous file types allows attackers to upload a web shell to the web server, affecting versions up to 1.0.4.

Product: masterhomepage Automatic Translation

Active Installations: unknown

CVSS Score: 10.0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-50493

NVD References: https://patchstack.com/database/vulnerability/automatic-translation/wordpress-automatic-translation-plugin-1-0-4-arbitrary-file-upload-vulnerability?_s_id=cve

CVE-2024-50494 - Sudan Payment Gateway for WooCommerce allows for unrestricted upload of dangerous file types, which can lead to the uploading of a web shell onto a web server.

Product: Amin Omer Sudan Payment Gateway for WooCommerce

Active Installations: unknown

CVSS Score: 10.0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-50494

NVD References: https://patchstack.com/database/vulnerability/wc-sudan-payment-gateway/wordpress-sudan-payment-gateway-for-woocommerce-plugin-1-2-2-arbitrary-file-upload-vulnerability?_s_id=cve

CVE-2024-50473 - Ajar Productions Ajar in5 Embed allows the unrestricted upload of files with dangerous types, potentially enabling the upload of a web shell to a web server.

Product: Ajar Productions Ajar in5 Embed

Active Installations: unknown

CVSS Score: 10.0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-50473

NVD References: https://patchstack.com/database/vulnerability/ajar-productions-in5-embed/wordpress-ajar-in5-embed-plugin-3-1-3-arbitrary-file-upload-vulnerability?_s_id=cve

CVE-2024-50475 - A Missing Authorization vulnerability in Scott Gamon Signup Page allows Privilege Escalation. This issue affects Signup Page: from n/a through 1.0.

Product: Scott Gamon Signup Page

Active Installations: unknown

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-50475

NVD References: https://patchstack.com/database/vulnerability/signup-page/wordpress-signup-page-plugin-1-0-arbitrary-option-update-to-privilege-escalation-vulnerability?_s_id=cve

CVE-2024-50476 - GRÜN spendino Spendenformular allows Privilege Escalation due to a Missing Authorization vulnerability, affecting versions n/a through 1.0.1.

Product: GRÜN Software Group GmbH GRÜN spendino Spendenformular

Active Installations: unknown

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-50476

NVD References: https://patchstack.com/database/vulnerability/spendino/wordpress-gruen-spendino-spendenformular-plugin-1-0-1-arbitrary-option-update-to-privilege-escalation-vulnerability?_s_id=cve

CVE-2024-50485 - Exam Matrix has an Incorrect Privilege Assignment vulnerability that allows Privilege Escalation from versions n/a through 1.5.

Product: Udit Rawat Exam Matrix

Active Installations: unknown

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-50485

NVD References: https://patchstack.com/database/vulnerability/exam-matrix/wordpress-exam-matrix-plugin-1-5-privilege-escalation-vulnerability?_s_id=cve

CVE-2024-50490 - PegaPoll allows unauthorized access to functionality not restricted by ACLs.

Product: Szabolcs Szecsenyi PegaPoll

Active Installations: unknown

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-50490

NVD References: https://patchstack.com/database/vulnerability/pegapoll/wordpress-pegapoll-plugin-1-0-2-arbitrary-option-update-to-privilege-escalation-vulnerability?_s_id=cve

CVE-2024-10467 - Firefox, Firefox ESR, and Thunderbird versions below 132 are vulnerable to memory safety bugs allowing potential arbitrary code execution.

Product: Mozilla Firefox

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-10467

NVD References:

- https://bugzilla.mozilla.org/buglist.cgi?bug_id=1829029%2C1888538%2C1900394%2C1904059%2C1917742%2C1919809%2C1923706

- https://www.mozilla.org/security/advisories/mfsa2024-55/

- https://www.mozilla.org/security/advisories/mfsa2024-56/

- https://www.mozilla.org/security/advisories/mfsa2024-58/

- https://www.mozilla.org/security/advisories/mfsa2024-59/

CVE-2024-10468 - Firefox and Thunderbird versions prior to 132 are vulnerable to potential race conditions in IndexedDB leading to memory corruption and exploitable crashes.

Product: Mozilla Firefox

CVSS Score: 9.8 AtRiskScore 30

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-10468

NVD References:

- https://bugzilla.mozilla.org/show_bug.cgi?id=1914982

- https://www.mozilla.org/security/advisories/mfsa2024-55/

- https://www.mozilla.org/security/advisories/mfsa2024-59/

CVE-2024-10474 - Focus for iOS < 132 had a vulnerability that allowed internal links to use the app scheme for deeplinking, potentially bypassing URL safety checks.

Product: Focus for iOS

CVSS Score: 9.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-10474

NVD References:

- https://bugzilla.mozilla.org/show_bug.cgi?id=1863832

- https://www.mozilla.org/security/advisories/mfsa2024-60/

CVE-2024-5982 - Gaizhenbiao/chuanhuchatgpt has a path traversal vulnerability due to unsanitized input handling in user upload, directory creation, and template loading features, enabling remote code execution, directory creation, and CSV file content leakage.

Product: Gaizhenbiao/chuanhuchatgpt

CVSS Score: 9.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-5982

NVD References:

- https://github.com/gaizhenbiao/chuanhuchatgpt/commit/952fc8c3cbacead858311747cddd4bedcb4721d7

- https://huntr.com/bounties/5d5c5356-e893-44d1-b5ca-642aa05d96bb

CVE-2024-7474 - lunary-ai/lunary version 1.3.2 is vulnerable to an Insecure Direct Object Reference (IDOR) flaw, enabling unauthorized access to external user data by manipulating the 'id' parameter in the request URL.

Product: lunary-ai lunary

CVSS Score: 9.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-7474

NVD References:

- https://github.com/lunary-ai/lunary/commit/8f563c77d8614a72980113f530c7a9ec15a5f8d5

- https://huntr.com/bounties/95d8b993-3347-4ef5-a2b3-1f57219b7871

CVE-2024-7475 - Lunary version 1.3.2 is vulnerable to improper access control, allowing unauthorized users to update the SAML configuration and potentially manipulate authentication processes and steal user information.

Product: lunary-ai lunary

CVSS Score: 9.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-7475

NVD References:

- https://github.com/lunary-ai/lunary/commit/8f563c77d8614a72980113f530c7a9ec15a5f8d5

- https://huntr.com/bounties/78c824f7-3b6d-443d-bb76-0f8031c6c126

CVE-2024-49768 - Waitress is vulnerable to a race condition when a remote client sends a request of exact length followed by a second request using HTTP pipelining; the issue can be addressed by disabling channel_request_lookahead.

Product: Pylons Project Waitress

CVSS Score: 9.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-49768

NVD References:

- https://github.com/Pylons/waitress/commit/e4359018537af376cf24bd13616d861e2fb76f65

- https://github.com/Pylons/waitress/security/advisories/GHSA-9298-4cf8-g4wj

CVE-2024-8923 - ServiceNow has fixed an input validation vulnerability allowing remote code execution on the Now Platform.

Product: ServiceNow Now Platform

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-8923

NVD References: https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1706070

CVE-2024-9988 - The Crypto plugin for WordPress allows unauthenticated attackers to log in as any existing user, including administrators, due to an authentication bypass vulnerability in versions up to 2.15.

Product: WordPress Crypto plugin

Active Installations: This plugin has been closed as of October 28, 2024 and is not available for download. This closure is temporary, pending a full review.

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-9988

NVD References:

- https://plugins.trac.wordpress.org/browser/crypto/tags/2.10/includes/class-crypto_connect_ajax_register.php#L91

- https://www.wordfence.com/threat-intel/vulnerabilities/id/7bfe87cf-9883-4f8f-a0f5-23bbc7bb9b7c?source=cve

CVE-2024-9989 - The Crypto plugin for WordPress allows unauthenticated attackers to bypass authentication and log in as any existing user, including administrators, due to an arbitrary method call vulnerability in versions up to 2.15.

Product: WordPress Crypto plugin

Active Installations: This plugin has been closed as of October 28, 2024 and is not available for download. This closure is temporary, pending a full review.

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-9989

NVD References:

- https://plugins.trac.wordpress.org/browser/crypto/tags/2.10/includes/class-crypto_connect_ajax_register.php#L138

- https://plugins.trac.wordpress.org/browser/crypto/tags/2.10/includes/class-crypto_connect_ajax_register.php#L33

- https://www.wordfence.com/threat-intel/vulnerabilities/id/e21bd924-1d96-4371-972a-5c99d67261cc?source=cve

CVE-2024-51378 - CyberPanel (aka Cyber Panel) before 1c0c6cb allows remote attackers to bypass authentication and execute arbitrary commands.

Product: CyberPanel

CVSS Score: 10.0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-51378

NVD References:

- https://cwe.mitre.org/data/definitions/420.html

- https://cwe.mitre.org/data/definitions/78.html

- https://cyberpanel.net/KnowledgeBase/home/change-logs/

- https://cyberpanel.net/blog/detials-and-fix-of-recent-security-issue-and-patch-of-cyberpanel

- https://github.com/usmannasir/cyberpanel/commit/1c0c6cbcf71abe573da0b5fddfb9603e7477f683

- https://refr4g.github.io/posts/cyberpanel-command-injection-vulnerability/

- https://www.bleepingcomputer.com/news/security/massive-psaux-ransomware-attack-targets-22-000-cyberpanel-instances/

CVE-2024-51567 - CyberPanel before 5b08cd6 allows remote attackers to execute arbitrary commands via /dataBases/upgrademysqlstatus by bypassing secMiddleware and using shell metacharacters in the statusfile property.

Product: CyberPanel

CVSS Score: 10.0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-51567

NVD References:

- https://cwe.mitre.org/data/definitions/420.html

- https://cwe.mitre.org/data/definitions/78.html

- https://cyberpanel.net/KnowledgeBase/home/change-logs/

- https://cyberpanel.net/blog/detials-and-fix-of-recent-security-issue-and-patch-of-cyberpanel

- https://dreyand.rs/code/review/2024/10/27/what-are-my-options-cyberpanel-v236-pre-auth-rce

- https://github.com/usmannasir/cyberpanel/commit/5b08cd6d53f4dbc2107ad9f555122ce8b0996515

- https://www.bleepingcomputer.com/news/security/massive-psaux-ransomware-attack-targets-22-000-cyberpanel-instances/

CVE-2024-51568 - CyberPanel before version 2.3.5 is vulnerable to Command Injection and unauthenticated remote code execution through /filemanager/upload.

Product: CyberPanel

CVSS Score: 10.0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-51568

NVD References:

- https://cwe.mitre.org/data/definitions/78.html

- https://cyberpanel.net/KnowledgeBase/home/change-logs/

- https://cyberpanel.net/blog/cyberpanel-v2-3-5

- https://dreyand.rs/code/review/2024/10/27/what-are-my-options-cyberpanel-v236-pre-auth-rce

CVE-2024-44122 - macOS Ventura 13.7.1, macOS Sequoia 15, and macOS Sonoma 14.7.1 are vulnerable to a logic issue that allows applications to break out of their sandbox.

Product: Apple macOS

CVSS Score: 8.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-44122

ISC Diary: https://isc.sans.edu/diary/31390

NVD References:

- https://support.apple.com/en-us/121238

- https://support.apple.com/en-us/121568

- https://support.apple.com/en-us/121570

CVE-2024-44126 - macOS Ventura 13.7.1, macOS Sequoia 15, iOS 17.7 and iPadOS 17.7, macOS Sonoma 14.7, visionOS 2, iOS 18, and iPadOS 18 are all vulnerable to heap corruption when processing a maliciously crafted file, but the issue has been fixed with improved checks.

Product: Apple macOS, iOS, iPadOS, and visionOS

CVSS Score: 7.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-44126

ISC Diary: https://isc.sans.edu/diary/31390

NVD References:

- https://support.apple.com/en-us/121238

- https://support.apple.com/en-us/121246

- https://support.apple.com/en-us/121247

- https://support.apple.com/en-us/121249

- https://support.apple.com/en-us/121250

- https://support.apple.com/en-us/121568

CVE-2024-44156 - macOS had a path deletion vulnerability that allowed apps to bypass Privacy preferences, fixed in versions 13.7.1 and 14.7.1.

Product: Apple macOS

CVSS Score: 7.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-44156

ISC Diary: https://isc.sans.edu/diary/31390

NVD References:

- https://support.apple.com/en-us/121568

- https://support.apple.com/en-us/121570

CVE-2024-44159 - macOS had a path deletion vulnerability that allowed apps to bypass Privacy preferences, fixed in versions 13.7.1 and 14.7.1.

Product: Apple macOS

CVSS Score: 7.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-44159

ISC Diary: https://isc.sans.edu/diary/31390

NVD References:

- https://support.apple.com/en-us/121568

- https://support.apple.com/en-us/121570

CVE-2024-44218 - iOS, iPadOS, macOS Sonoma are affected by a vulnerability that could result in heap corruption when processing a malicious file, fixed in versions including iOS 17.7.1 and iPadOS 17.7.1.

Product: Apple iOS, iPadOS, macOS Sonoma

CVSS Score: 7.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-44218

ISC Diary: https://isc.sans.edu/diary/31390

NVD References:

- https://support.apple.com/en-us/121563

- https://support.apple.com/en-us/121567

- https://support.apple.com/en-us/121570

CVE-2024-44259 - iOS, iPadOS, and visionOS versions 17.7.1, 18.1, and 2.1 are susceptible to unauthorized downloading of malicious content due to a trust relationship misuse.

Product: Apple iOS, iPadOS, and visionOS

CVSS Score: 8.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-44259

ISC Diary: https://isc.sans.edu/diary/31390

NVD References:

- https://support.apple.com/en-us/121563

- https://support.apple.com/en-us/121564

- https://support.apple.com/en-us/121566

- https://support.apple.com/en-us/121567

- https://support.apple.com/en-us/121571

CVE-2024-44277 - iOS, iPadOS, visionOS, and tvOS version 18.1 addressed an issue with improved memory handling, preventing an app from causing unexpected system termination or corrupting kernel memory.

Product: Apple iOS, iPadOS, visionOS, and tvOS

CVSS Score: 7.7

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-44277

ISC Diary: https://isc.sans.edu/diary/31390

NVD References:

- https://support.apple.com/en-us/121563

- https://support.apple.com/en-us/121566

- https://support.apple.com/en-us/121569

CVE-2024-44289 - macOS Ventura and macOS Sonoma versions 13.7.1 and 14.7.1 address a privacy issue allowing apps to access sensitive location data.

Product: Apple macOS

CVSS Score: 7.5

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-44289

ISC Diary: https://isc.sans.edu/diary/31390

NVD References:

- https://support.apple.com/en-us/121568

- https://support.apple.com/en-us/121570

CVE-2024-44295 - macOS Ventura and macOS Sonoma allow apps to modify protected parts of the file system due to insufficient entitlement checks.

Product: Apple macOS Ventura and macOS Sonoma

CVSS Score: 7.7

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-44295

ISC Diary: https://isc.sans.edu/diary/31390

NVD References:

- https://support.apple.com/en-us/121568

- https://support.apple.com/en-us/121570

CVE-2024-38812 - vCenter Server is vulnerable to a heap-overflow in the DCERPC protocol, allowing remote code execution by a malicious actor via a specially crafted network packet.

Product: VMware vCenter Server

CVSS Score: 0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-38812

ISC Podcast: https://isc.sans.edu/podcastdetail/9192

CVE-2024-38813 - The vCenter Server is vulnerable to privilege escalation, allowing a malicious actor to gain root access through a specially crafted network packet.

Product: VMware vCenter Server

CVSS Score: 0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-38813

ISC Podcast: https://isc.sans.edu/podcastdetail/9192

The following vulnerability needs a manual review:

CVE-2024-41992 - A command injection vulnerability has been identified in the Wi-Fi Test Suite, a tool developed by the WiFi Alliance, which has been found deployed on Arcadyan routers. This flaw allows an unauthenticated local attacker to exploit the Wi-Fi Test Suite by sending specially crafted packets, enabling the execution of arbitrary commands with root privileges on the affected routers. The CERT/CC recommends that vendors who have included the Wi-Fi Test Suite update it to version >=9.0 or remove it entirely from production devices to reduce the risk of exploitation.

Product: WiFi Alliance Wi-Fi Test Suite

CVSS Score: N/A

NVD: N/A

ISC Podcast: https://isc.sans.edu/podcastdetail/9198

References:

- https://kb.cert.org/vuls/id/123336

- https://ssd-disclosure.com/ssd-advisory-arcadyan-fmimg51ax000j-wifi-alliance-rce/