SEC595: Applied Data Science and AI/Machine Learning for Cybersecurity Professionals
SEC595Cyber Defense
SANS Community Benefits
Connect, learn, and share with other cybersecurity professionals
VOLUME 24ISSUE 44
The Consensus Security Vulnerability Alert
Internet Storm Center Spotlight
ISC provides a free analysis and warning service to thousands of Internet users and organizations, and is actively working with Internet Service Providers to fight back against the most malicious attackers. https://isc.sans.edu/about.html
[Guest Diary] Insights from August Web Traffic Surge
Published: 2024-11-06.
Last Updated: 2024-11-06 04:32:30 UTC
by Trevor Coleman, SANS.edu BACS Student (Version: 1)
[This is a Guest Diary by Trevor Coleman, an ISC intern as part of the SANS.edu Bachelor's Degree in Applied Cybersecurity (BACS) program.
The month of August brought with it a notable surge in web traffic log activities, catching my attention. As I delved into investigating the underlying causes of this spike, I uncovered some concerning findings that shed light on the potential risks organizations face in today's digital landscape.
The web honeypot log traffic, as parsed in the DShield-SIEM dashboard, served as a visual representation of the significant increase in activity. With over 62,000,000 activity logs originating from a single IP source, it was evident that something was amiss, comparatively to the second most source at 757,000. The most observed activity was directed towards destination ports 5555, 7547, and 9000, indicating a targeted effort to exploit vulnerabilities in web applications. Ports 5555 and 9000 are commonly used in malware attacks for known vulnerabilities on webservers ...
Analysis of the HTTP requests to the web honeypot revealed that the attacker exploited various known vulnerabilities. Out of the total requests, 57,243,299 (92%) were GET requests, 4,960,056 (8%) were POST requests, while there were significantly fewer PUT (18,466) and DELETE (4,150) requests. Figure 5 shows the top 5 http request methods and corresponding logs and count of each attempt. Note only 2 different PATCH request types were present ...
Read the full entry:
https://isc.sans.edu/diary/Guest+Diary+Insights+from+August+Web+Traffic+Surge/31408/
Scans for RDP Gateways
Published: 2024-10-30.
Last Updated: 2024-10-30 23:08:30 UTC
by Johannes Ullrich (Version: 1)
RDP is one of the most prominent entry points into networks. Ransomware actors have taken down many large networks after initially entering via RDP. Credentials for RDP access are often traded by “initial access brokers".
I noticed today an uptick in scans for "/RDWeb/Pages/en-US/login<.>aspx" . This is often used to expose RDP gateways, and there are even well-known Google dorks that assist in finding these endpoints. The scans I observed today are spread between several hundred IP addresses, none of which "sticks out" as more frequent than others. This could indicate a large botnet being used to scan for this endpoint.
There are three variations of this URL being used, all with the same effect of detecting the presence of an RDP gateway ...
Read the full entry:
Internet Storm Center Entries
Python RAT with a Nice Screensharing Feature (2024.11.05)
https://isc.sans.edu/diary/Python+RAT+with+a+Nice+Screensharing+Feature/31414/
Analyzing an Encrypted Phishing PDF (2024.11.04)
https://isc.sans.edu/diary/Analyzing+an+Encrypted+Phishing+PDF/31404/
qpdf: Extracting PDF Streams (2024.11.02)
https://isc.sans.edu/diary/qpdf+Extracting+PDF+Streams/31406/
October 2024 Activity with Username chenzilong (2024.10.31)
https://isc.sans.edu/diary/October+2024+Activity+with+Username+chenzilong/31400/
Recent CVEs
The list is assembled by pulling recent vulnerabilities from NIST NVD, Microsoft, Twitter mentions of vulnerabilities, ISC Diaries and Podcast, and the CISA list of known exploited vulnerabilities. There are also some unscored, but significant, vulnerabilities at the end. This includes vulnerabilities that have not been added to the NVD yet.
CVE-2024-9191 - The Okta Device Access feature allows attackers on compromised devices to retrieve passwords from Desktop MFA passwordless logins.
Product: Okta Verify
CVSS Score: 7.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-9191
ISC Podcast: https://isc.sans.edu/podcast/9208
NVD References:
- https://help.okta.com/oie/en-us/content/topics/releasenotes/oie-ov-release-notes.htm#panel4
CVE-2024-48878 - Zohocorp ManageEngine ADManager Plus versions 7241 and prior are vulnerable to SQL Injection in Archived Audit Report.
Product: Zohocorp ManageEngine ADManager Plus
CVSS Score: 8.8
NISC Podcast: https://isc.sans.edu/podcast/9208
NVD References: https://www.manageengine.com/products/ad-manager/admanager-kb/cve-2024-48878.html
CVE-2024-38030 - Windows Themes Spoofing Vulnerability
Product: Microsoft Windows_Server_2022
CVSS Score: 0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-38030
ISC Podcast: https://isc.sans.edu/podcast/9204
CVE-2024-38821 - Spring WebFlux applications with Spring Security authorization rules on static resources can be bypassed when certain conditions are met.
Product: Spring WebFlux
CVSS Score: 0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-38821
ISC Podcast: https://isc.sans.edu/podcast/9202
CVE-2024-45656 - IBM Flexible Service Processor (FSP) has static credentials that can be exploited by network users to gain unauthorized service privileges.
Product: IBM Flexible Service Processor (FSP)
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-45656
NVD References: https://www.ibm.com/support/pages/node/7174183
CVE-2024-5823 - Gaizhenbiao/chuanhuchatgpt versions <= 20240410 is susceptible to a file overwrite vulnerability, enabling unauthorized access to critical configuration files and potentially causing a denial of service.
Product: Gaizhenbiao Chuanhuchatgpt
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-5823
NVD References:
- https://github.com/gaizhenbiao/chuanhuchatgpt/commit/720c23d755a4a955dcb0a54e8c200a2247a27f8b
- https://huntr.com/bounties/ca361701-7d68-4df6-8da0-caad4b85b9ae
CVE-2024-5982 - Gaizhenbiao/chuanhuchatgpt has a path traversal vulnerability due to unsanitized input handling in user upload, directory creation, and template loading features, enabling remote code execution, directory creation, and CSV file content leakage.
Product: Gaizhenbiao Chuanhuchatgpt
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-5982
NVD References:
- https://github.com/gaizhenbiao/chuanhuchatgpt/commit/952fc8c3cbacead858311747cddd4bedcb4721d7
- https://huntr.com/bounties/5d5c5356-e893-44d1-b5ca-642aa05d96bb
CVE-2024-6581 - Lollms application version v9.9 allows for the uploading of SVG files, posing a risk of cross-site scripting (XSS) vulnerabilities and remote code execution due to incomplete filtering.
Product: Lollms Lord Of Large Language Models
CVSS Score: 9.0 AtRiskScore 30
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-6581
NVD References:
- https://github.com/parisneo/lollms/commit/328b960a0de2097e13654ac752253e9541521ddd
- https://huntr.com/bounties/ad68ecd6-44e2-449b-8e7e-f2b71b1b43c7
CVE-2024-7042 - The GraphCypherQAChain class in langchain-ai/langchainjs versions 0.2.5 and all versions allows for SQL injection, unauthorized data manipulation, data exfiltration, DoS attacks, breaches in multi-tenant security, and data integrity compromises.
Product: Langchain
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-7042
NVD References:
- https://github.com/langchain-ai/langchainjs/commit/615b9d9ab30a2d23a2f95fb8d7acfdf4b41ad7a6
- https://huntr.com/bounties/b612defb-1104-4fff-9fef-001ab07c7b2d
CVE-2024-7774 - Langchain-ai/langchainjs version 0.2.5 is vulnerable to a path traversal issue that enables attackers to manipulate files, including saving, overwriting, reading, and deleting files.
Product: Langchain
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-7774
NVD References:
- https://github.com/langchain-ai/langchainjs/commit/a0fad77d6b569e5872bd4a9d33be0c0785e538a9
- https://huntr.com/bounties/8fe40685-b714-4191-af7a-3de5e5628cee
CVE-2024-8309 - The GraphCypherQAChain class of langchain-ai/langchain version 0.2.5 is vulnerable to SQL injection, allowing for unauthorized data manipulation, data exfiltration, denial of service, breaches in multi-tenant security, and compromise of data integrity.
Product: Langchain
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-8309
NVD References:
- https://github.com/langchain-ai/langchain/commit/c2a3021bb0c5f54649d380b42a0684ca5778c255
- https://huntr.com/bounties/8f4ad910-7fdc-4089-8f0a-b5df5f32e7c5
CVE-2024-7475 - Lunary version 1.3.2 is vulnerable to improper access control, allowing unauthorized users to update the SAML configuration and potentially manipulate authentication processes and steal user information.
Product: Lunary CVSS Score: 9.1NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-7475NVD References: - https://github.com/lunary-ai/lunary/commit/8f563c77d8614a72980113f530c7a9ec15a5f8d5- https://huntr.com/bounties/78c824f7-3b6d-443d-bb76-0f8031c6c126CVE-2024-49768 - Waitress is vulnerable to a remote client sending a request of exact length followed by a secondary request using HTTP pipelining, allowing a race condition that can be fixed by disabling channel_request_lookahead.Product: Pylons Project WaitressCVSS Score: 9.1NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-49768NVD References: - https://github.com/Pylons/waitress/commit/e4359018537af376cf24bd13616d861e2fb76f65- https://github.com/Pylons/waitress/security/advisories/GHSA-9298-4cf8-g4wjCVE-2024-8923 -ServiceNow has fixed an input validation vulnerability allowing remote code execution on the Now Platform. Product: ServiceNow Now PlatformCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-8923NVD References: https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1706070CVE-2024-9988 & CVE-2024-9989 - The Crypto plugin for WordPress allows unauthenticated attackers to log in as any existing user, including administrators, due to an authentication bypass vulnerability in versions up to 2.15.Product: WordPress Crypto pluginActive Installations: This plugin has been closed as of October 28, 2024 and is not available for download. This closure is temporary, pending a full review.CVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-9988NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-9989NVD References: - https://plugins.trac.wordpress.org/browser/crypto/tags/2.10/includes/class-crypto_connect_ajax_register.php#L91- https://www.wordfence.com/threat-intel/vulnerabilities/id/7bfe87cf-9883-4f8f-a0f5-23bbc7bb9b7c?source=cve- https://plugins.trac.wordpress.org/browser/crypto/tags/2.10/includes/class-crypto_connect_ajax_register.php#L138- https://plugins.trac.wordpress.org/browser/crypto/tags/2.10/includes/class-crypto_connect_ajax_register.php#L33- https://www.wordfence.com/threat-intel/vulnerabilities/id/e21bd924-1d96-4371-972a-5c99d67261cc?source=cveCVE-2024-48063 - In PyTorch <=2.4.1, the RemoteModule has Deserialization RCE.Product: PyTorch RemoteModuleCVSS Score: 9.8 AtRiskScore 30NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-48063NVD References: - https://gist.github.com/hexian2001/c046c066895a963ecc0a2cf9e1180065- https://github.com/pytorch/pytorch/issues/129228- https://github.com/pytorch/pytorch/security/policy#using-distributed-features- https://rumbling-slice-eb0.notion.site/Distributed-RPC-Framework-RemoteModule-has-Deserialization-RCE-in-pytorch-pytorch-111e3cda9e8c8021a7d3cbc61ee1a20cCVE-2024-48206 - A Deserialization of Untrusted Data vulnerability in chainer v7.8.1.post1 leads to execution of arbitrary code.Product: chainer v7.8.1CVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-48206NVD References: - https://gist.github.com/hexian2001/51c6257351098e5b086a12ad247cc6ca- https://rumbling-slice-eb0.notion.site/chainer-s-chainermn-has-MPI-Deserialization-vulnerability-in-chainer-chainer-c6a004feb53a447e8fb440968d73d6fd?pvs=4CVE-2024-48138 - PluXml v5.8.16 and lower is vulnerable to remote code execution via injection of a crafted payload into a template.Product: PluXmlCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-48138NVD References: https://github.com/pluxml/PluXml/issues/829CVE-2024-48573 - AquilaCMS 1.409.20 and prior is vulnerable to NoSQL injection, enabling attackers to reset passwords through the "Reset password" feature without authentication.Product: Aquila Solutions AquilaCMSCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-48573NVD References: https://github.com/dos-m0nk3y/CVE/tree/main/CVE-2024-48573CVE-2024-51378 - CyberPanel (aka Cyber Panel) before 1c0c6cb allows remote attackers to bypass authentication and execute arbitrary commands.Product: CyberPanelCVSS Score: 10.0NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-51378NVD References: - https://cwe.mitre.org/data/definitions/420.html- https://cwe.mitre.org/data/definitions/78.html- https://cyberpanel.net/KnowledgeBase/home/change-logs/- https://cyberpanel.net/blog/detials-and-fix-of-recent-security-issue-and-patch-of-cyberpanel- https://github.com/usmannasir/cyberpanel/commit/1c0c6cbcf71abe573da0b5fddfb9603e7477f683- https://refr4g.github.io/posts/cyberpanel-command-injection-vulnerability/- https://www.bleepingcomputer.com/news/security/massive-psaux-ransomware-attack-targets-22-000-cyberpanel-instances/CVE-2024-51567 - CyberPanel before 5b08cd6 allows remote attackers to execute arbitrary commands via /dataBases/upgrademysqlstatus by bypassing secMiddleware and using shell metacharacters in the statusfile property.Product: CyberPanelCVSS Score: 10.0NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-51567NVD References: - https://cwe.mitre.org/data/definitions/420.html- https://cwe.mitre.org/data/definitions/78.h…
CVE-2024-8923 - ServiceNow has fixed an input validation vulnerability allowing remote code execution on the Now Platform.
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-8923
NVD References: https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1706070
CVE-2024-9988 & CVE-2024-9989 - The Crypto plugin for WordPress allows unauthenticated attackers to log in as any existing user, including administrators, due to an authentication bypass vulnerability in versions up to 2.15.
Product: WordPress Crypto plugin
Active Installations: This plugin has been closed as of October 28, 2024 and is not available for download. This closure is temporary, pending a full review.
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-9988
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-9989
NVD References:
CVE-2024-48063 - In PyTorch <=2.4.1, the RemoteModule has Deserialization RCE.
Product: PyTorch RemoteModule
CVSS Score: 9.8 AtRiskScore 30
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-48063
NVD References:
- https://gist.github.com/hexian2001/c046c066895a963ecc0a2cf9e1180065
- https://github.com/pytorch/pytorch/issues/129228
- https://github.com/pytorch/pytorch/security/policy#using-distributed-features
CVE-2024-48206 - A Deserialization of Untrusted Data vulnerability in chainer v7.8.1.post1 leads to execution of arbitrary code.
Product: chainer v7.8.1
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-48206
NVD References:
- https://gist.github.com/hexian2001/51c6257351098e5b086a12ad247cc6ca
CVE-2024-48138 - PluXml v5.8.16 and lower is vulnerable to remote code execution via injection of a crafted payload into a template.
Product: PluXml
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-48138
NVD References: https://github.com/pluxml/PluXml/issues/829
CVE-2024-48573 - AquilaCMS 1.409.20 and prior is vulnerable to NoSQL injection, enabling attackers to reset passwords through the "Reset password" feature without authentication.
Product: Aquila Solutions AquilaCMS
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-48573
NVD References: https://github.com/dos-m0nk3y/CVE/tree/main/CVE-2024-48573
CVE-2024-51378 - CyberPanel (aka Cyber Panel) before 1c0c6cb allows remote attackers to bypass authentication and execute arbitrary commands.
Product: CyberPanel
CVSS Score: 10.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-51378
NVD References:
- https://cwe.mitre.org/data/definitions/420.html
- https://cwe.mitre.org/data/definitions/78.html
- https://cyberpanel.net/KnowledgeBase/home/change-logs/
- https://cyberpanel.net/blog/detials-and-fix-of-recent-security-issue-and-patch-of-cyberpanel
- https://github.com/usmannasir/cyberpanel/commit/1c0c6cbcf71abe573da0b5fddfb9603e7477f683
- https://refr4g.github.io/posts/cyberpanel-command-injection-vulnerability/
CVE-2024-51567 - CyberPanel before 5b08cd6 allows remote attackers to execute arbitrary commands via /dataBases/upgrademysqlstatus by bypassing secMiddleware and using shell metacharacters in the statusfile property.
Product: CyberPanel
CVSS Score: 10.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-51567
NVD References:
- https://cwe.mitre.org/data/definitions/420.html
- https://cwe.mitre.org/data/definitions/78.html
- https://cyberpanel.net/KnowledgeBase/home/change-logs/
- https://cyberpanel.net/blog/detials-and-fix-of-recent-security-issue-and-patch-of-cyberpanel
- https://dreyand.rs/code/review/2024/10/27/what-are-my-options-cyberpanel-v236-pre-auth-rce
- https://github.com/usmannasir/cyberpanel/commit/5b08cd6d53f4dbc2107ad9f555122ce8b0996515
CVE-2024-51568 - CyberPanel before version 2.3.5 is vulnerable to Command Injection and unauthenticated remote code execution through /filemanager/upload.
Product: CyberPanelCVSS Score: 10.0NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-51568NVD References: - https://cwe.mitre.org/data/definitions/78.html- https://cyberpanel.net/KnowledgeBase/home/change-logs/- https://cyberpanel.net/blog/cyberpanel-v2-3-5- https://dreyand.rs/code/review/2024/10/27/what-are-my-options-cyberpanel-v236-pre-auth-rceCVE-2024-10507 & CVE-2024-10509, CVE-2024-10736 & CVE-2024-10737 - Codezips Free Exam Hall Seating Management System 1.0 is vulnerable to critical SQL injection flawsProducts: Codezips Free Exam Hall Seating Management SystemCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-10507NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-10509NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-10736NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-10737NVD References: - https://github.com/ppp-src/CVE/issues/26- https://github.com/ppp-src/CVE/issues/27- https://github.com/EddieAy/cve/issues/3- https://github.com/Scholar-XD/CVE/issues/1CVE-2024-10556, CVE-2024-10561, & CVE-2024-10752 - Codezips Pet Shop Management System 1.0 critical SQL injection flawsProduct: Codezips Pet Shop Management SystemCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-10556NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-10561NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-10752NVD References: https://github.com/ppp-src/CVE/issues/28NVD References: https://github.com/ppp-src/CVE/issues/29NVD References: https://github.com/primaryboy/CVE/issues/1CVE-2024-8512 - The W3SPEEDSTER plugin for WordPress allows authenticated attackers to perform Remote Code Execution by exploiting the 'script' parameter in versions up to 7.26.Product: WordPress W3SPEEDSTERActive Installations: 1,000+CVSS Score: 9.1NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-8512NVD References: - https://plugins.trac.wordpress.org/browser/w3speedster-wp/trunk/w3speedster.php#L740- https://plugins.trac.wordpress.org/changeset/3175640/- https://www.wordfence.com/threat-intel/vulnerabilities/id/2a56eb63-ba5c-4452-8ab9-f5aeaf53adda?source=cveCVE-2024-10525 - Eclipse Mosquitto is vulnerable to out of bounds memory access in its on_subscribe callback due to a crafted SUBACK packet from a malicious broker, affecting mosquitto_sub and mosquitto_rr clients.Product: Eclipse MosquittoCVSS Score: 9.1NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-10525NVD References: - https://github.com/eclipse-mosquitto/mosquitto/commit/8ab20b4ba4204fdcdec78cb4d9f03c944a6e0e1c- https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/190- https://mosquitto.org/blog/2024/10/version-2-0-19-released/CVE-2024-23309 - The LevelOne WBR-6012 router is vulnerable to an authentication bypass due to its reliance on client IP addresses for authentication, allowing attackers to gain unauthorized access by spoofing an IP address.Product: LevelOne WBR-6012_routerCVSS Score: 9.0NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-23309NVD References: https://talosintelligence.com/vulnerability_reports/TALOS-2024-1996CVE-2024-33699 - The LevelOne WBR-6012 router's firmware version R0.40e6 allows attackers to change the administrator password without current credentials.Product: LevelOne WBR-6012 routerCVSS Score: 9.9NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-33699NVD References: https://talosintelligence.com/vulnerability_reports/TALOS-2024-1984CVE-2024-51252, CVE-2024-51255, CVE-2024-51259, CVE-2024-51260, CVE-2024-51298 - Draytek Vigor3900 1.5.1.3 command injection vulnerabilitiesProduct: Draytek Vigor3900CVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-51252NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-51255NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-51259NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-51260NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-51298NVD References: https://github.com/fu37kola/cve/blob/main/DrayTek/Vigor3900/1.5.1.3/DrayTek_Vigor_3900_1.5.1.3.pdfCVE-2024-10456 - Delta Electronics InfraSuite Device Master versions prior to 1.0.12 are vulnerable to a deserialization attack on the Device-Gateway, allowing unauthorized deserialization of .NET objects.Product: Delta Electronics InfraSuite Device MasterCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-10456NVD References: https://www.cisa.gov/news-events/ics-advisories/icsa-24-303-03CVE-2024-48202 - icecms <=3.4.7 has a File Upload vulnerability in FileUtils.java,uploadFile.Product: icecmsCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-48202NVD References: https://github.com/Lunax0/LogLunax/blob/main/icecms/CVE-2024-48202.mdCVE-2024-48112 - A deserialization vulnerability in the component \controller\Index.php of Thinkphp v6.1.3 to v8.0.4 allows attackers to execute arbitrary code.Product: ThinkPHPCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-48112NVD References: - https://github.com/nn0nkey/nn0nkey/blob/main/Thinkphp/CVE-2024-48112.md- https://github.com/top-think/thinkCVE-2024-51424 & CVE-2024-51427 - Ethereum v.1.12.2 vulnerabilities al…
CVE-2024-10556, CVE-2024-10561, & CVE-2024-10752 - Codezips Pet Shop Management System 1.0 critical SQL injection flaws
Product: Codezips Pet Shop Management System
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-10556
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-10561
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-10752
NVD References: https://github.com/ppp-src/CVE/issues/28
NVD References: https://github.com/ppp-src/CVE/issues/29
NVD References: https://github.com/primaryboy/CVE/issues/1
CVE-2024-8512 - The W3SPEEDSTER plugin for WordPress allows authenticated attackers to perform Remote Code Execution by exploiting the 'script' parameter in versions up to 7.26.
Product: WordPress W3SPEEDSTER
Active Installations: 1,000+
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-8512
NVD References:
- https://plugins.trac.wordpress.org/browser/w3speedster-wp/trunk/w3speedster.php#L740
CVE-2024-10525 - Eclipse Mosquitto is vulnerable to out of bounds memory access in its on_subscribe callback due to a crafted SUBACK packet from a malicious broker, affecting mosquitto_sub and mosquitto_rr clients.
Product: Eclipse Mosquitto
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-10525
NVD References:
- https://github.com/eclipse-mosquitto/mosquitto/commit/8ab20b4ba4204fdcdec78cb4d9f03c944a6e0e1c
- https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/190
- https://mosquitto.org/blog/2024/10/version-2-0-19-released/
CVE-2024-23309 - The LevelOne WBR-6012 router is vulnerable to an authentication bypass due to its reliance on client IP addresses for authentication, allowing attackers to gain unauthorized access by spoofing an IP address.
Product: LevelOne WBR-6012_router
CVSS Score: 9.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-23309
NVD References: https://talosintelligence.com/vulnerability_reports/TALOS-2024-1996
CVE-2024-33699 - The LevelOne WBR-6012 router's firmware version R0.40e6 allows attackers to change the administrator password without current credentials.
Product: LevelOne WBR-6012 router
CVSS Score: 9.9
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-33699
NVD References: https://talosintelligence.com/vulnerability_reports/TALOS-2024-1984
CVE-2024-51252, CVE-2024-51255, CVE-2024-51259, CVE-2024-51260, CVE-2024-51298 - Draytek Vigor3900 1.5.1.3 command injection vulnerabilities
Product: Draytek Vigor3900
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-51252
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-51255
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-51259
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-51260
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-51298
NVD References: https://github.com/fu37kola/cve/blob/main/DrayTek/Vigor3900/1.5.1.3/DrayTek_Vigor_3900_1.5.1.3.pdf
CVE-2024-10456 - Delta Electronics InfraSuite Device Master versions prior to 1.0.12 are vulnerable to a deserialization attack on the Device-Gateway, allowing unauthorized deserialization of .NET objects.
Product: Delta Electronics InfraSuite Device Master
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-10456
NVD References: https://www.cisa.gov/news-events/ics-advisories/icsa-24-303-03
CVE-2024-48202 - icecms <=3.4.7 has a File Upload vulnerability in FileUtils.java,uploadFile.
Product: icecms
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-48202
NVD References: https://github.com/Lunax0/LogLunax/blob/main/icecms/CVE-2024-48202.md
CVE-2024-48112 - A deserialization vulnerability in the component \controller\Index.php of Thinkphp v6.1.3 to v8.0.4 allows attackers to execute arbitrary code.
Product: ThinkPHP
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-48112
NVD References:
- https://github.com/nn0nkey/nn0nkey/blob/main/Thinkphp/CVE-2024-48112.md
CVE-2024-51424 & CVE-2024-51427 - Ethereum v.1.12.2 vulnerabilities allow remote attacker to execute arbitrary code
Product: Ethereum Owned & Ethereum PepeGxng
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-51424
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-51427
NVD References: https://github.com/Wzy-source/Gala/blob/main/CVEs/AURA_0x967d176328948e4db4446b8caf623ff9b47221fb.md
NVD References: https://github.com/Wzy-source/Gala/blob/main/CVEs/PepeGxng_0x5d8d1f28cad84fad8d2fea9fdd4ab5022d23b0fe.md
CVE-2024-10392 - The AI Power: Complete AI Pack plugin for WordPress is vulnerable to arbitrary file uploads, allowing unauthenticated attackers to upload files and potentially enable remote code execution.
Product: WordPress AI Power: Complete AI Pack
Active Installations: 10,000+
CVSS Score: 9.8 AtRiskScore 30
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-10392
NVD References: https://plugins.trac.wordpress.org/changeset/3176122/gpt3-ai-content-generator#file508
NVD References: https://www.wordfence.com/threat-intel/vulnerabilities/id/cd8a45c9-ca48-4ea6-b34e-f05206f16155?source=cve
CVE-2024-48307 - JeecgBoot v3.7.1 was discovered to contain a SQL injection vulnerability via the component /onlDragDatasetHead/getTotalData.
Product: JeecgBoot
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-48307
NVD References:
- https://github.com/jeecgboot
CVE-2024-42835 - langflow v1.0.12 was discovered to contain a remote code execution (RCE) vulnerability via the PythonCodeTool component.
Product: langflow PythonCodeTool
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-42835
NVD References: https://github.com/langflow-ai/langflow/issues/2908
CVE-2024-48910 - DOMPurify, a fast XSS sanitizer for HTML, MathML, and SVG, was vulnerable to prototype pollution in version 2.4.1, but the issue has been fixed in 2.4.2.
Product: DOMPurify
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-48910
NVD References:
- https://github.com/cure53/DOMPurify/commit/d1dd0374caef2b4c56c3bd09fe1988c3479166dc
- https://github.com/cure53/DOMPurify/security/advisories/GHSA-p3vf-v8qc-cwcr
CVE-2024-51478 - YesWiki prior to version 4.4.5 uses a weak cryptographic algorithm and hard-coded salt for password reset keys, allowing for password reset exploitation.
Product: YesWiki
CVSS Score: 9.9
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-51478
NVD References:
- https://github.com/YesWiki/yeswiki/commit/b5a8f93b87720d5d5f033a4b3a131ce0fb621dbc
- https://github.com/YesWiki/yeswiki/commit/e1285709f6f6a2277bd0075acf369f33cefd78f7
- https://github.com/YesWiki/yeswiki/security/advisories/GHSA-4fvx-h823-38v3
CVE-2024-51482 - ZoneMinder v1.37.* <= 1.37.64 is vulnerable to boolean-based SQL Injection in web/ajax/event.php, fixed in version 1.37.64.
Product: ZoneMinder
CVSS Score: 9.9
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-51482
NVD References:
- https://github.com/ZoneMinder/zoneminder/commit/9e7d31841ed9678a7dd06869037686fc9925e59f
- https://github.com/ZoneMinder/zoneminder/security/advisories/GHSA-qm8h-3xvf-m7j3
CVE-2023-52044 - Studio-42 eLfinder 2.1.62 is vulnerable to Remote Code Execution (RCE) due to unrestricted file uploads with the .php8 extension.
Product: Studio-42 eLfinder
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-52044
NVD References: https://github.com/Studio-42/elFinder/issues/3615
CVE-2024-39332 - Webswing 23.2.2 is vulnerable to remote code execution due to an ability for attackers to modify client-side JavaScript code and achieve path traversal.
Product: WebswingCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-39332NVD References: https://herolab.usd.de/security-advisories/usd-2024-0008/CVE-2024-42515 - Glossarizer through 1.5.2 is vulnerable to stored XSS due to improper HTML conversion, allowing attackers to append an XSS payload to glossary entries.Product: Glossarizer CVSS Score: 9.9NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-42515NVD References: - https://github.com/PebbleRoad/glossarizer- https://herolab.usd.de/security-advisories/usd-2024-0011/- https://www.npmjs.com/package/glossarizerCVE-2024-51060 - Projectworlds Online Admission System v1 is vulnerable to SQL Injection in index.php via the 'a_id' parameter.Product: Projectworlds Online Admission SystemCVSS Score: 9.1NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-51060NVD References: - http://projectworld.com- https://github.com/0x1c1ph3r/CVEs/tree/main/CVE-2024-51060CVE-2024-51063 through CVE-2024-51065 - Phpgurukul Teachers Record Management System v2.1 and Beauty Parlour Management System v1.1 are vulnerable to SQL InjectionProduct: Phpgurukul eachers Record Management System and Phpgurukul Beauty Parlour Management SystemCVSS Scores: 9.1 - 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-51063NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-51064NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-51065NVD References: - http://phpgurukul.com- https://github.com/0x1c1ph3r/CVEs/tree/main/CVE-2024-51063- https://github.com/0x1c1ph3r/CVEs/tree/main/CVE-2024-51064- https://github.com/0x1c1ph3r/CVEs/tree/main/CVE-2024-51065CVE-2024-48359 - Qualitor v8.24 was discovered to contain a remote code execution (RCE) vulnerability via the gridValoresPopHidden parameter.Product: Qualitor v8.24CVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-48359NVD References: https://github.com/OpenXP-Research/CVE-2024-48359CVE-2024-10595 - ESAFENET CDG 5 is vulnerable to a critical SQL injection in the delFile/delDifferCourseList function of PublicDocInfoAjax.java, allowing for remote attacks after the exploit was publicly disclosed and vendor failed to respond.Product: ESAFENET CDG 5CVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-10595NVD References: https://flowus.cn/share/651b6010-4701-4cec-a5a3-6e01e22636b9?code=G8A6P3CVE-2024-10600 - CVE-2024-10602, CVE-2024-10615 - CVE-2024-10619, CVE-2024-10655 - CVE-2024-10658, CVE-2024-10730 - CVE-2024-10732 - Tongda OA critical SQL injection vulnerabilitiesProduct: Tongda2000 Office AnywhereCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-10600NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-10601 NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-10602NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-10615NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-10616NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-10617NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-10618NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-10619NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-10655NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-10656NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-10657NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-10658NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-10730NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-10731NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-10732NVD References: https://github.com/LvZCh/td/issuesCVE-2024-10607 & CVE-2024-10608 - Courier Management System 1.0 critical SQL injection vulnerabilitiesProduct: Carmelogarcia Courier Management SystemCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-10607NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-10608NVD References: - https://code-projects.org/- https://github.com/yanhuoshanjin/cve/issues/1- https://github.com/AXUyaku/cve/issues/1CVE-2024-10609 - iSourceCode Tailoring Management System Project 1.0 is vulnerable to a critical sql injection attack through manipulation of the argument sex in file typeadd.php, allowing for remote initiation of the exploit.Product: Angeljudesuarez Tailoring Management SystemCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-10609NVD References: - https://github.com/Lanxiy7th/lx_CVE_report-/issues/17- https://itsourcecode.com/CVE-2024-10659 - ESAFENET CDG 5 is vulnerable to a critical sql injection flaw in the delSystemEncryptPolicy function of the CDGAuthoriseTempletService.java file, allowing remote attackers to exploit the id argument and potentially launch attacks.Product: ESAFENET CDG 5CVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-10659NVD References: https://flowus.cn/share/eaefcf21-6a72-48f8-bc18-a4889512bfe5?code=G8A6P3CVE-2024-10660 - ESAFENET CDG 5 is susceptible to a critical sql injection vulnerability in the deleteHook function of the HookService.java file, allowing for remote attacks exploiting the manipulation of the hookId argument.Product: ESAFENET CDG 5CVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-10660NVD References: https://flowus.cn/share/9d33a5d8-87b1-…
CVE-2024-51060 - Projectworlds Online Admission System v1 is vulnerable to SQL Injection in index.php via the 'a_id' parameter.
Product: Projectworlds Online Admission System
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-51060
NVD References:
- https://github.com/0x1c1ph3r/CVEs/tree/main/CVE-2024-51060
CVE-2024-51063 through CVE-2024-51065 - Phpgurukul Teachers Record Management System v2.1 and Beauty Parlour Management System v1.1 are vulnerable to SQL Injection
Product: Phpgurukul eachers Record Management System and Phpgurukul Beauty Parlour Management SystemCVSS Scores: 9.1 - 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-51063NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-51064NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-51065NVD References: - http://phpgurukul.com- https://github.com/0x1c1ph3r/CVEs/tree/main/CVE-2024-51063- https://github.com/0x1c1ph3r/CVEs/tree/main/CVE-2024-51064- https://github.com/0x1c1ph3r/CVEs/tree/main/CVE-2024-51065CVE-2024-48359 - Qualitor v8.24 was discovered to contain a remote code execution (RCE) vulnerability via the gridValoresPopHidden parameter.Product: Qualitor v8.24CVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-48359NVD References: https://github.com/OpenXP-Research/CVE-2024-48359CVE-2024-10595 - ESAFENET CDG 5 is vulnerable to a critical SQL injection in the delFile/delDifferCourseList function of PublicDocInfoAjax.java, allowing for remote attacks after the exploit was publicly disclosed and vendor failed to respond.Product: ESAFENET CDG 5CVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-10595NVD References: https://flowus.cn/share/651b6010-4701-4cec-a5a3-6e01e22636b9?code=G8A6P3CVE-2024-10600 - CVE-2024-10602, CVE-2024-10615 - CVE-2024-10619, CVE-2024-10655 - CVE-2024-10658, CVE-2024-10730 - CVE-2024-10732 - Tongda OA critical SQL injection vulnerabilitiesProduct: Tongda2000 Office AnywhereCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-10600NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-10601 NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-10602NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-10615NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-10616NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-10617NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-10618NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-10619NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-10655NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-10656NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-10657NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-10658NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-10730NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-10731NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-10732NVD References: https://github.com/LvZCh/td/issuesCVE-2024-10607 & CVE-2024-10608 - Courier Management System 1.0 critical SQL injection vulnerabilitiesProduct: Carmelogarcia Courier Management SystemCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-10607NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-10608NVD References: - https://code-projects.org/- https://github.com/yanhuoshanjin/cve/issues/1- https://github.com/AXUyaku/cve/issues/1CVE-2024-10609 - iSourceCode Tailoring Management System Project 1.0 is vulnerable to a critical sql injection attack through manipulation of the argument sex in file typeadd.php, allowing for remote initiation of the exploit.Product: Angeljudesuarez Tailoring Management SystemCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-10609NVD References: - https://github.com/Lanxiy7th/lx_CVE_report-/issues/17- https://itsourcecode.com/CVE-2024-10659 - ESAFENET CDG 5 is vulnerable to a critical sql injection flaw in the delSystemEncryptPolicy function of the CDGAuthoriseTempletService.java file, allowing remote attackers to exploit the id argument and potentially launch attacks.Product: ESAFENET CDG 5CVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-10659NVD References: https://flowus.cn/share/eaefcf21-6a72-48f8-bc18-a4889512bfe5?code=G8A6P3CVE-2024-10660 - ESAFENET CDG 5 is susceptible to a critical sql injection vulnerability in the deleteHook function of the HookService.java file, allowing for remote attacks exploiting the manipulation of the hookId argument.Product: ESAFENET CDG 5CVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-10660NVD References: https://flowus.cn/share/9d33a5d8-87b1-482b-8642-a8fcf27585ba?code=G8A6P3CVE-2024-51431 - LB-LINK BL-WR 1300H v.1.0.4 contains hardcoded credentials stored in /etc/shadow which are easily guessable.Product: LB-Link BL-WR 1300HCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-51431NVD References: - https://github.com/MatJosephs/CVEs/tree/main/CVE-2024-51431- https://www.lb-link.com/CVE-2024-10697 - Tenda AC6 15.03.05.19 is vulnerable to a critical command injection flaw in the formWriteFacMac function, allowing for remote attacks.Product: Tenda AC6CVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-10697NVD References: - https://github.com/theRaz0r/iot-mycve/blob/main/tenda_ac6_rce_WriteFacMac/tenda_ac6_rce_WriteFacMac.md- https://www.tenda.com.cn/CVE-2024-10698 - Tenda AC6 15.03.05.19 is vulnerable to a critical stack-based buffer overflow in the function formSetDeviceName, allowing for remote attacks.Product: Tenda AC6CVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-10698NVD References: - https://github.com/theRaz0r/iot-mycve/blob/main/tenda_ac6_stackflow_formSetDev…
CVE-2024-48359 - Qualitor v8.24 was discovered to contain a remote code execution (RCE) vulnerability via the gridValoresPopHidden parameter.
Product: Qualitor v8.24
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-48359
NVD References: https://github.com/OpenXP-Research/CVE-2024-48359
CVE-2024-10595 - ESAFENET CDG 5 is vulnerable to a critical SQL injection in the delFile/delDifferCourseList function of PublicDocInfoAjax.java, allowing for remote attacks after the exploit was publicly disclosed and vendor failed to respond.
Product: ESAFENET CDG 5
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-10595
NVD References: https://flowus.cn/share/651b6010-4701-4cec-a5a3-6e01e22636b9?code=G8A6P3
CVE-2024-10600 - CVE-2024-10602,
CVE-2024-10600 - CVE-2024-10602,
CVE-2024-10615 - CVE-2024-10619,
CVE-2024-10615 - CVE-2024-10619,
CVE-2024-10655 - CVE-2024-10658,
CVE-2024-10655 - CVE-2024-10658,
CVE-2024-10730 - CVE-2024-10732 - Tongda OA critical SQL injection vulnerabilities
Product: Tongda2000 Office AnywhereCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-10600NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-10601 NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-10602NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-10615NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-10616NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-10617NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-10618NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-10619NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-10655NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-10656NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-10657NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-10658NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-10730NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-10731NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-10732NVD References: https://github.com/LvZCh/td/issuesCVE-2024-10607 & CVE-2024-10608 - Courier Management System 1.0 critical SQL injection vulnerabilitiesProduct: Carmelogarcia Courier Management SystemCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-10607NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-10608NVD References: - https://code-projects.org/- https://github.com/yanhuoshanjin/cve/issues/1- https://github.com/AXUyaku/cve/issues/1CVE-2024-10609 - iSourceCode Tailoring Management System Project 1.0 is vulnerable to a critical sql injection attack through manipulation of the argument sex in file typeadd.php, allowing for remote initiation of the exploit.Product: Angeljudesuarez Tailoring Management SystemCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-10609NVD References: - https://github.com/Lanxiy7th/lx_CVE_report-/issues/17- https://itsourcecode.com/CVE-2024-10659 - ESAFENET CDG 5 is vulnerable to a critical sql injection flaw in the delSystemEncryptPolicy function of the CDGAuthoriseTempletService.java file, allowing remote attackers to exploit the id argument and potentially launch attacks.Product: ESAFENET CDG 5CVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-10659NVD References: https://flowus.cn/share/eaefcf21-6a72-48f8-bc18-a4889512bfe5?code=G8A6P3CVE-2024-10660 - ESAFENET CDG 5 is susceptible to a critical sql injection vulnerability in the deleteHook function of the HookService.java file, allowing for remote attacks exploiting the manipulation of the hookId argument.Product: ESAFENET CDG 5CVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-10660NVD References: https://flowus.cn/share/9d33a5d8-87b1-482b-8642-a8fcf27585ba?code=G8A6P3CVE-2024-51431 - LB-LINK BL-WR 1300H v.1.0.4 contains hardcoded credentials stored in /etc/shadow which are easily guessable.Product: LB-Link BL-WR 1300HCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-51431NVD References: - https://github.com/MatJosephs/CVEs/tree/main/CVE-2024-51431- https://www.lb-link.com/CVE-2024-10697 - Tenda AC6 15.03.05.19 is vulnerable to a critical command injection flaw in the formWriteFacMac function, allowing for remote attacks.Product: Tenda AC6CVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-10697NVD References: - https://github.com/theRaz0r/iot-mycve/blob/main/tenda_ac6_rce_WriteFacMac/tenda_ac6_rce_WriteFacMac.md- https://www.tenda.com.cn/CVE-2024-10698 - Tenda AC6 15.03.05.19 is vulnerable to a critical stack-based buffer overflow in the function formSetDeviceName, allowing for remote attacks.Product: Tenda AC6CVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-10698NVD References: - https://github.com/theRaz0r/iot-mycve/blob/main/tenda_ac6_stackflow_formSetDeviceName/tenda_ac6_stackflow_formSetDeviceName.md- https://www.tenda.com.cn/CVE-2024-10699 - Wazifa System 1.0 is vulnerable to a critical SQL injection attack in the /controllers/logincontrol.php file, allowing for remote exploitation.Product: Anisha Wazifa SystemCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-10699NVD References: - https://code-projects.org/- https://github.com/lan041221/cve/blob/main/sql9.mdCVE-2024-10700 - University Event Management System 1.0 is vulnerable to a critical SQL injection attack in submit.php, affecting multiple parameters.Product: Anisha University Event Management SystemCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-10700NVD References: - https://code-projects.org/- https://github.com/aa1928992772/CVE/blob/main/sqlInjection.mdCVE-2024-10702 - Simple Car Rental System 1.0 is vulnerable to a critical sql injection attack through manipulation of the argument fname in /signup.php, allowing for remote exploitation.Product: Fabinros Simple Car Rental SystemCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-10702NVD References: - https://code-projects.org/- https://github.com/imTedCao/cve/issues/1CVE-2024-10733 - Restaurant Order System 1.0 is vulnerable to a critical SQL injection issue in the /login.php file, allowing for remote attacks by manipulating the argument uid.Product: Carmelogarcia Restaurant O…
CVE-2024-10609 - iSourceCode Tailoring Management System Project 1.0 is vulnerable to a critical sql injection attack through manipulation of the argument sex in file typeadd.php, allowing for remote initiation of the exploit.
Product: Angeljudesuarez Tailoring Management System
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-10609
NVD References:
CVE-2024-10659 - ESAFENET CDG 5 is vulnerable to a critical sql injection flaw in the delSystemEncryptPolicy function of the CDGAuthoriseTempletService.java file, allowing remote attackers to exploit the id argument and potentially launch attacks.
Product: ESAFENET CDG 5
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-10659
NVD References: https://flowus.cn/share/eaefcf21-6a72-48f8-bc18-a4889512bfe5?code=G8A6P3
CVE-2024-10660 - ESAFENET CDG 5 is susceptible to a critical sql injection vulnerability in the deleteHook function of the HookService.java file, allowing for remote attacks exploiting the manipulation of the hookId argument.
Product: ESAFENET CDG 5
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-10660
NVD References: https://flowus.cn/share/9d33a5d8-87b1-482b-8642-a8fcf27585ba?code=G8A6P3
CVE-2024-51431 - LB-LINK BL-WR 1300H v.1.0.4 contains hardcoded credentials stored in /etc/shadow which are easily guessable.
Product: LB-Link BL-WR 1300H
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-51431
NVD References:
- https://github.com/MatJosephs/CVEs/tree/main/CVE-2024-51431
CVE-2024-10697 - Tenda AC6 15.03.05.19 is vulnerable to a critical command injection flaw in the formWriteFacMac function, allowing for remote attacks.
Product: Tenda AC6
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-10697
NVD References:
CVE-2024-10698 - Tenda AC6 15.03.05.19 is vulnerable to a critical stack-based buffer overflow in the function formSetDeviceName, allowing for remote attacks.
Product: Tenda AC6
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-10698
NVD References:
CVE-2024-10699 - Wazifa System 1.0 is vulnerable to a critical SQL injection attack in the /controllers/logincontrol.php file, allowing for remote exploitation.
Product: Anisha Wazifa System
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-10699
NVD References:
- https://github.com/lan041221/cve/blob/main/sql9.md
CVE-2024-10700 - University Event Management System 1.0 is vulnerable to a critical SQL injection attack in submit.php, affecting multiple parameters.
Product: Anisha University Event Management System
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-10700
NVD References:
- https://github.com/aa1928992772/CVE/blob/main/sqlInjection.md
CVE-2024-10702 - Simple Car Rental System 1.0 is vulnerable to a critical sql injection attack through manipulation of the argument fname in /signup.php, allowing for remote exploitation.
Product: Fabinros Simple Car Rental System
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-10702
NVD References:
- https://github.com/imTedCao/cve/issues/1
CVE-2024-10733 - Restaurant Order System 1.0 is vulnerable to a critical SQL injection issue in the /login.php file, allowing for remote attacks by manipulating the argument uid.
Product: Carmelogarcia Restaurant Order System
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-10733
NVD References:
- https://github.com/415Curry/cve/issues/1
CVE-2024-10734 & CVE-2024-10735 - Project Worlds Life Insurance Management System 1.0 critical sql injection vulnerabilities
Product: Project Worlds Life Insurance Management System
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-10734
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-10735
NVD References:
- https://github.com/peteryang520/Cve-report/blob/main/SQLi-1.md
- https://github.com/GKb0y/Cve-report/blob/main/SQLi-life-insurance-management-system.md
CVE-2024-10738 - itsourcecode Farm Management System 1.0 is vulnerable to SQL injection in the file manage-breed.php, allowing for remote attacks.
Product: Angeljudesuarez Farm Management System
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-10738
NVD References:
- https://github.com/Nightmaremassacre/cve/issues/3
CVE-2024-10739, CVE-2024-10740, & CVE-2024-10741 - E-Health Care System 1.0 critical sql injection issues
Product: Anisha E-Health Care System
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-10739
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-10740
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-10741
NVD References:
- https://github.com/UnrealdDei/cve/blob/main/sql11.md
- https://github.com/1270512529/cve/blob/main/sql.md
- https://github.com/maxihongtatum/cve/blob/main/sql14.md
CVE-2024-10758 - Anirbandutta9 Content Management System and News-Buzz 1.0 is vulnerable to a critical SQL injection flaw in /index.php, allowing remote attackers to manipulate the user_name argument and potentially initiate an attack, with the exploit publicly disclosed for potential use.
Product: Anirbandutta9 News-Buzz
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-10758
NVD References: https://github.com/EmilGallajov/zero-day/blob/main/content_management_system_sqli.md
CVE-2024-23590 - Apache Kylin is vulnerable to Session Fixation from version 2.0.0 through 4.x, and users should upgrade to 5.0.0 or above to mitigate the issue.
Product: Apache Kylin
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-23590
NVD References: https://lists.apache.org/thread/7161154h0k6zygr9917qq0g95p39szml
CVE-2024-51136 - Dmoz2CSV in openimaj v1.3.10 is susceptible to an XXE vulnerability that enables attackers to access sensitive data or execute malicious code by providing a manipulated XML file.
Product: openimaj Dmoz2CSV
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-51136
NVD References:
- https://github.com/openimaj/openimaj
- https://github.com/openimaj/openimaj/issues/382
- https://mvnrepository.com/artifact/org.openimaj.tools/WebTools
CVE-2024-51327 - ProjectWorld's Travel Management System v1.0 is vulnerable to SQL Injection in loginform.php, allowing remote attackers to bypass authentication.
Product: ProjectWorld Travel Management System
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-51327
NVD References:
- https://github.com/redtrib3/CVEs/tree/main/CVE-2024-51327%20-%20SQLi%20Auth%20Bypass
CVE-2024-10687 - The Photos, Files, YouTube, Twitter, Instagram, TikTok, Ecommerce Contest Gallery plugin for WordPress is vulnerable to time-based SQL Injection allowing unauthenticated attackers to extract sensitive information from the database.
Product: The Plugin Republic Photos, Files, YouTube, Twitter, Instagram, TikTok, Ecommerce Contest Gallery – Upload, Vote, Sell via PayPal, Social Share Buttons
Active Installations: 1,000+
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-10687
NVD References:
CVE-2023-29118, CVE-2023-29119, & CVE-2023-29120 - Waybox Enel X web management application SQL and OS Command injection vulnerabilities
Product: Waybox Enel X web management application
CVSS Score: 9.6
NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-29118
NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-29119
NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-29120
NVD References: https://support-emobility.enelx.com/content/dam/enelxmobility/italia/documenti/manuali-schede-tecniche/Waybox-3-Security-Bulletin-06-2024-V1.pdf
NVD References: https://support-emobility.enelx.com/content/dam/enelxmobility/italia/documenti/manuali-schede-tecniche/Waybox-3-Security-Bulletin-06-2024-V1.pdf
CVE-2023-29121 - Waybox Enel TCF Agent service could be used to get administrator’s privileges over the Waybox system.
Product: Waybox Enel TCF Agent
CVSS Score: 9.6
NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-29121
NVD References: https://support-emobility.enelx.com/content/dam/enelxmobility/italia/documenti/manuali-schede-tecniche/Waybox-3-Security-Bulletin-06-2024-V1.pdf
CVE-2023-29125 - A heap buffer overflow could be triggered by sending a specific packet to TCP port 7700.
Product: Vendor: Garmin
Product: GTN Xi Series GPS Navigators
CVSS Score: 9.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-29125
NVD References: https://support-emobility.enelx.com/content/dam/enelxmobility/italia/documenti/manuali-schede-tecniche/Waybox-3-Security-Bulletin-06-2024-V1.pdf
CVE-2024-42509 & CVE-2024-47460 - Aruba's CLI service is vulnerable to unauthorized remote code execution via specially crafted packets sent to the PAPI UDP port.
Product: Aruba PAPI (Aruba's Access Point management protocol)
CVSS Scores: 9.0 - 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-42509
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-47460
NVD References: https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04722en_us&docLocale=en_US
CVE-2024-1561 - Gradio-app/gradio is vulnerable to unauthorized local file read access via the `/component_server` endpoint, allowing attackers to copy files from the host machine.
Product: gradio-app/gradio
CVSS Score: 0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-1561
ISC Diary: https://isc.sans.edu/diary/31408
CVE-2024-27920 - Nuclei v3 is vulnerable to execution of unsigned code templates through custom workflows, potentially enabling malicious code execution on users' systems.
Product: projectdiscovery nuclei
CVSS Score: 0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-27920
ISC Diary: https://isc.sans.edu/diary/31408
CVE-2008-2052 - Bitrix Site Manager 6.5 is vulnerable to open redirect attacks, allowing remote attackers to redirect users to malicious websites and conduct phishing scams through a specially crafted URL.
Product: Bitrix24 Bitrix_Site_Manager 6.5
CVSS Score: 0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2008-2052
ISC Diary: https://isc.sans.edu/diary/31408
CVE-2024-43984 - Podlove Podcast Publisher is vulnerable to a CSRF issue allowing Code Injection from versions n/a through 4.1.13.
Product: Podlove Poodle Podcast Publisher
Active Installations: 5,000+
CVSS Score: 9.6
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-43984
CVE-2024-51661 - David Lingren Media Library Assistant is vulnerable to OS Command Injection from n/a through 3.19.
Product: David Lingren Media Library Assistant
Active Installations: 70,000+
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-51661
The following QNAP vulnerabilities need a manual review:
CVE-2024-50388 - Vulnerability in QNAP HBS 3 Hybrid Backup Sync (PWN2OWN 2024)
Product: QNAP HBS 3 Hybrid Backup Sync
References: https://www.qnap.com/en-us/security-advisory/qsa-24-41
CVE-2024-50387 - Vulnerability in QNAP SMB Service (PWN2OWN 2024)
Product: QNAP SMB Service
References: https://www.qnap.com/en/security-advisory/qsa-24-42
CVE-2024-10697 - Tenda AC6 15.03.05.19 is vulnerable to a critical command injection flaw in the formWriteFacMac function, allowing for remote attacks.
Product: Tenda AC6
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-10697
NVD References:
CVE-2024-10698 - Tenda AC6 15.03.05.19 is vulnerable to a critical stack-based buffer overflow in the function formSetDeviceName, allowing for remote attacks.
Product: Tenda AC6
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-10698
NVD References:
CVE-2024-10699 - Wazifa System 1.0 is vulnerable to a critical SQL injection attack in the /controllers/logincontrol.php file, allowing for remote exploitation.
Product: Anisha Wazifa System
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-10699
NVD References:
CVE-2024-10700 - University Event Management System 1.0 is vulnerable to a critical SQL injection attack in submit.php, affecting multiple parameters.
Product: Anisha University Event Management System
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-10700
NVD References:
- https://github.com/aa1928992772/CVE/blob/main/sqlInjection.md
CVE-2024-10702 - Simple Car Rental System 1.0 is vulnerable to a critical sql injection attack through manipulation of the argument fname in /signup.php, allowing for remote exploitation.
Product: Fabinros Simple Car Rental System
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-10702
NVD References:
CVE-2024-10733 - Restaurant Order System 1.0 is vulnerable to a critical SQL injection issue in the /login.php file, allowing for remote attacks by manipulating the argument uid.
Product: Carmelogarcia Restaurant Order System
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-10733
NVD References:
CVE-2024-10734 & CVE-2024-10735 - Project Worlds Life Insurance Management System 1.0 critical sql injection vulnerabilities
Product: Project Worlds Life Insurance Management System
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-10734
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-10735
NVD References:
- https://github.com/peteryang520/Cve-report/blob/main/SQLi-1.md
- https://github.com/GKb0y/Cve-report/blob/main/SQLi-life-insurance-management-system.md
CVE-2024-10738 - itsourcecode Farm Management System 1.0 is vulnerable to SQL injection in the file manage-breed.php, allowing for remote attacks.
Product: Angeljudesuarez Farm Management System
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-10738
NVD References:
CVE-2024-10739, CVE-2024-10740, & CVE-2024-10741 - E-Health Care System 1.0 critical sql injection issues
Product: Anisha E-Health Care System
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-10739
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-10740
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-10741
NVD References:
- https://github.com/UnrealdDei/cve/blob/main/sql11.md
CVE-2024-10758 - Anirbandutta9 Content Management System and News-Buzz 1.0 is vulnerable to a critical SQL injection flaw in /index.php, allowing remote attackers to manipulate the user_name argument and potentially initiate an attack, with the exploit publicly disclosed for potential use.
Product: Anirbandutta9 News-Buzz
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-10758
NVD References: https://github.com/EmilGallajov/zero-day/blob/main/content_management_system_sqli.md
CVE-2024-23590 - Apache Kylin is vulnerable to Session Fixation from version 2.0.0 through 4.x, and users should upgrade to 5.0.0 or above to mitigate the issue.
Product: Apache Kylin
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-23590
NVD References: https://lists.apache.org/thread/7161154h0k6zygr9917qq0g95p39szml
CVE-2024-51136 - Dmoz2CSV in openimaj v1.3.10 is susceptible to an XXE vulnerability that enables attackers to access sensitive data or execute malicious code by providing a manipulated XML file.
Product: openimaj Dmoz2CSV
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-51136
NVD References:
- https://github.com/openimaj/openimaj
- https://github.com/openimaj/openimaj/issues/382
- https://mvnrepository.com/artifact/org.openimaj.tools/WebTools
CVE-2024-51327 - ProjectWorld's Travel Management System v1.0 is vulnerable to SQL Injection in loginform.php, allowing remote attackers to bypass authentication.
Product: ProjectWorld Travel Management System
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-51327
NVD References:
- https://github.com/redtrib3/CVEs/tree/main/CVE-2024-51327%20-%20SQLi%20Auth%20Bypass
CVE-2024-10687 - The Photos, Files, YouTube, Twitter, Instagram, TikTok, Ecommerce Contest Gallery plugin for WordPress is vulnerable to time-based SQL Injection allowing unauthenticated attackers to extract sensitive information from the database.
Product: The Plugin Republic Photos, Files, YouTube, Twitter, Instagram, TikTok, Ecommerce Contest Gallery – Upload, Vote, Sell via PayPal, Social Share Buttons
Active Installations: 1,000+
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-10687
NVD References:
CVE-2023-29118, CVE-2023-29119, & CVE-2023-29120 - Waybox Enel X web management application SQL and OS Command injection vulnerabilities
Product: Waybox Enel X web management application
CVSS Score: 9.6
NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-29118
NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-29119
NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-29120
NVD References: https://support-emobility.enelx.com/content/dam/enelxmobility/italia/documenti/manuali-schede-tecniche/Waybox-3-Security-Bulletin-06-2024-V1.pdf
NVD References: https://support-emobility.enelx.com/content/dam/enelxmobility/italia/documenti/manuali-schede-tecniche/Waybox-3-Security-Bulletin-06-2024-V1.pdf
CVE-2023-29121 - Waybox Enel TCF Agent service could be used to get administrator’s privileges over the Waybox system.
Product: Waybox Enel TCF Agent
CVSS Score: 9.6
NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-29121
NVD References: https://support-emobility.enelx.com/content/dam/enelxmobility/italia/documenti/manuali-schede-tecniche/Waybox-3-Security-Bulletin-06-2024-V1.pdf
CVE-2023-29125 - A heap buffer overflow could be triggered by sending a specific packet to TCP port 7700.
Product: Vendor: Garmin
Product: GTN Xi Series GPS Navigators
CVSS Score: 9.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-29125
NVD References: https://support-emobility.enelx.com/content/dam/enelxmobility/italia/documenti/manuali-schede-tecniche/Waybox-3-Security-Bulletin-06-2024-V1.pdf
CVE-2024-42509 & CVE-2024-47460 - Aruba's CLI service is vulnerable to unauthorized remote code execution via specially crafted packets sent to the PAPI UDP port.
Product: Aruba PAPI (Aruba's Access Point management protocol)
CVSS Scores: 9.0 - 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-42509
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-47460
NVD References: https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04722en_us&docLocale=en_US
CVE-2024-1561 - Gradio-app/gradio is vulnerable to unauthorized local file read access via the `/component_server` endpoint, allowing attackers to copy files from the host machine.
Product: gradio-app/gradio
CVSS Score: 0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-1561
ISC Diary: https://isc.sans.edu/diary/31408
CVE-2024-27920 - Nuclei v3 is vulnerable to execution of unsigned code templates through custom workflows, potentially enabling malicious code execution on users' systems.
Product: projectdiscovery nuclei
CVSS Score: 0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-27920
ISC Diary: https://isc.sans.edu/diary/31408
CVE-2008-2052 - Bitrix Site Manager 6.5 is vulnerable to open redirect attacks, allowing remote attackers to redirect users to malicious websites and conduct phishing scams through a specially crafted URL.
Product: Bitrix24 Bitrix_Site_Manager 6.5
CVSS Score: 0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2008-2052
ISC Diary: https://isc.sans.edu/diary/31408
CVE-2024-43984 - Podlove Podcast Publisher is vulnerable to a CSRF issue allowing Code Injection from versions n/a through 4.1.13.
Product: Podlove Poodle Podcast Publisher
Active Installations: 5,000+
CVSS Score: 9.6
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-43984
CVE-2024-51661 - David Lingren Media Library Assistant is vulnerable to OS Command Injection from n/a through 3.19.
Product: David Lingren Media Library Assistant
Active Installations: 70,000+
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-51661
The following QNAP vulnerabilities need a manual review:
CVE-2024-50388 - Vulnerability in QNAP HBS 3 Hybrid Backup Sync (PWN2OWN 2024)
Product: QNAP HBS 3 Hybrid Backup Sync
References: https://www.qnap.com/en-us/security-advisory/qsa-24-41
CVE-2024-50387 - Vulnerability in QNAP SMB Service (PWN2OWN 2024)
Product: QNAP SMB Service
References: https://www.qnap.com/en/security-advisory/qsa-24-42
CVE-2024-50388 - Vulnerability in QNAP HBS 3 Hybrid Backup Sync (PWN2OWN 2024)
Product: QNAP HBS 3 Hybrid Backup Sync
References: https://www.qnap.com/en-us/security-advisory/qsa-24-41
CVE-2024-50387 - Vulnerability in QNAP SMB Service (PWN2OWN 2024)
Product: QNAP SMB Service
References: https://www.qnap.com/en/security-advisory/qsa-24-42
Sponsors
Vulcan Cyber
Are you exposed to one of the top-ten nastiest vulnerabilities of Q3? Download the Q3 2024 Vulnerability Watch report to find out. The report calls out vulns in Microsoft, OpenSSH, VMware and more, details exposure risk specifications, and provides practical mitigating actions for each. Stay one step ahead of the most-critical exposure risk.
SANS
Virtual Event: SANS 2024 Detection & Response Survey: Transforming Cybersecurity Operations: AI, Automation, and Integration in Detection and Response | November 20, 10:30 AM ET | Join SANS Certified Instructor Josh Lemon and guest speakers as they provide insights into the prevalence of organizations maintaining separate detection and response teams, shedding light on the reasons behind such decisions and their implications for overall security posture.
SANS
Virtual Event: SANS 2024 Detection & Response Survey: Transforming Cybersecurity Operations: AI, Automation, and Integration in Detection and Response | November 20, 10:30 AM ET | Join SANS Certified Instructor Josh Lemon and guest speakers as they provide insights into the prevalence of organizations maintaining separate detection and response teams, shedding light on the reasons behind such decisions and their implications for overall security posture.
SANS
Virtual Event: SANS 2024 Detection & Response Survey: Transforming Cybersecurity Operations: AI, Automation, and Integration in Detection and Response | November 20, 10:30 AM ET | Join SANS Certified Instructor Josh Lemon and guest speakers as they provide insights into the prevalence of organizations maintaining separate detection and response teams, shedding light on the reasons behind such decisions and their implications for overall security posture.