π¨ CVE-2024-34618
Improper access control in System property prior to SMR Aug-2024 Release 1 allows local attackers to access cell related information.
π@cveNotify
Improper access control in System property prior to SMR Aug-2024 Release 1 allows local attackers to access cell related information.
π@cveNotify
π¨ CVE-2024-34619
Improper input validation in librtp.so prior to SMR Aug-2024 Release 1 allows remote attackers to execute arbitrary code with system privilege. User interaction is required for triggering this vulnerability.
π@cveNotify
Improper input validation in librtp.so prior to SMR Aug-2024 Release 1 allows remote attackers to execute arbitrary code with system privilege. User interaction is required for triggering this vulnerability.
π@cveNotify
π¨ CVE-2024-2400
Use after free in Performance Manager in Google Chrome prior to 122.0.6261.128 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
π@cveNotify
Use after free in Performance Manager in Google Chrome prior to 122.0.6261.128 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
π@cveNotify
Chrome Releases
Stable Channel Update for Desktop
The Stable channel has been updated to 122.0.6261.128/.129 for Windows and Mac and 122.0.6261.128 to Linux which will roll out over the comi...
π¨ CVE-2024-3406
The WP Prayer WordPress plugin through 2.0.9 does not have CSRF check in place when updating its email settings, which could allow attackers to make a logged in admin change them via a CSRF attack
π@cveNotify
The WP Prayer WordPress plugin through 2.0.9 does not have CSRF check in place when updating its email settings, which could allow attackers to make a logged in admin change them via a CSRF attack
π@cveNotify
WPScan
WP Prayer <= 2.0.9 - Email Settings Update via CSRF
See details on WP Prayer <= 2.0.9 - Email Settings Update via CSRF CVE 2024-3406. View the latest Plugin Vulnerabilities on WPScan.
π¨ CVE-2024-3643
The Newsletter Popup WordPress plugin through 1.2 does not have CSRF check when deleting list, which could allow attackers to make logged in admins perform such action via a CSRF attack
π@cveNotify
The Newsletter Popup WordPress plugin through 1.2 does not have CSRF check when deleting list, which could allow attackers to make logged in admins perform such action via a CSRF attack
π@cveNotify
WPScan
Newsletter Popup <= 1.2 - List Deletion via CSRF
See details on Newsletter Popup <= 1.2 - List Deletion via CSRF CVE 2024-3643. View the latest Plugin Vulnerabilities on WPScan.
π¨ CVE-2024-35527
An arbitrary file upload vulnerability in /fileupload/upload.cfm in Daemon PTY Limited FarCry Core framework before 7.2.14 allows attackers to execute arbitrary code via uploading a crafted .cfm file.
π@cveNotify
An arbitrary file upload vulnerability in /fileupload/upload.cfm in Daemon PTY Limited FarCry Core framework before 7.2.14 allows attackers to execute arbitrary code via uploading a crafted .cfm file.
π@cveNotify
www.bastionsecurity.co.nz
FarCry Core Framework - Multiple issues
Multiple vulnerabilities were discovered in the FarCry Core framework which could allow an unauthenticated user to arbitrarily upload files and perform remote code execution on the underlying server.
π¨ CVE-2024-39930
The built-in SSH server of Gogs through 0.13.0 allows argument injection in internal/ssh/ssh.go, leading to remote code execution. Authenticated attackers can exploit this by opening an SSH connection and sending a malicious --split-string env request if the built-in SSH server is activated. Windows installations are unaffected.
π@cveNotify
The built-in SSH server of Gogs through 0.13.0 allows argument injection in internal/ssh/ssh.go, leading to remote code execution. Authenticated attackers can exploit this by opening an SSH connection and sending a malicious --split-string env request if the built-in SSH server is activated. Windows installations are unaffected.
π@cveNotify
GitHub
Releases Β· gogs/gogs
Gogs is a painless self-hosted Git service. Contribute to gogs/gogs development by creating an account on GitHub.
π¨ CVE-2024-40892
A weak credential vulnerability exists in Firewalla Box Software versions before 1.979. This vulnerability allows a physically close attacker to use the license UUID for authentication and provision SSH credentials over the Bluetooth Low-Energy (BTLE) interface. Once an attacker gains access to the LAN, they could log into the SSH interface using the provisioned credentials. The license UUID can be acquired through plain-text Bluetooth sniffing, reading the QR code on the bottom of the device, or brute-forcing the UUID (though this is less likely).
π@cveNotify
A weak credential vulnerability exists in Firewalla Box Software versions before 1.979. This vulnerability allows a physically close attacker to use the license UUID for authentication and provision SSH credentials over the Bluetooth Low-Energy (BTLE) interface. Once an attacker gains access to the LAN, they could log into the SSH interface using the provisioned credentials. The license UUID can be acquired through plain-text Bluetooth sniffing, reading the QR code on the bottom of the device, or brute-forcing the UUID (though this is less likely).
π@cveNotify
VulnCheck
VulnCheck - Outpace Adversaries
Vulnerability intelligence that predicts avenues of attack with speed and accuracy.
π¨ CVE-2024-40893
Multiple authenticated operating system (OS) command injection vulnerabilities exist in Firewalla Box Software
versions before 1.979. A physically close
attacker that is authenticated to the Bluetooth Low-Energy (BTLE) interface can use the network configuration service to inject commands in various configuration parameters including networkConfig.Interface.Phy.Eth0.Extra.PingTestIP, networkConfig.Interface.Phy.Eth0.Extra.DNSTestDomain, and networkConfig.Interface.Phy.Eth0.Gateway6. Additionally, because the configuration can be synced to the Firewalla cloud, the attacker may be able to persist access even after hardware resets and firmware re-flashes.
π@cveNotify
Multiple authenticated operating system (OS) command injection vulnerabilities exist in Firewalla Box Software
versions before 1.979. A physically close
attacker that is authenticated to the Bluetooth Low-Energy (BTLE) interface can use the network configuration service to inject commands in various configuration parameters including networkConfig.Interface.Phy.Eth0.Extra.PingTestIP, networkConfig.Interface.Phy.Eth0.Extra.DNSTestDomain, and networkConfig.Interface.Phy.Eth0.Gateway6. Additionally, because the configuration can be synced to the Firewalla cloud, the attacker may be able to persist access even after hardware resets and firmware re-flashes.
π@cveNotify
VulnCheck
VulnCheck - Outpace Adversaries
Vulnerability intelligence that predicts avenues of attack with speed and accuracy.
π¨ CVE-2024-41710
A vulnerability in the Mitel 6800 Series, 6900 Series, and 6900w Series SIP Phones, including the 6970 Conference Unit, through R6.4.0.HF1 (R6.4.0.136) could allow an authenticated attacker with administrative privilege to conduct an argument injection attack, due to insufficient parameter sanitization during the boot process. A successful exploit could allow an attacker to execute arbitrary commands within the context of the system.
π@cveNotify
A vulnerability in the Mitel 6800 Series, 6900 Series, and 6900w Series SIP Phones, including the 6970 Conference Unit, through R6.4.0.HF1 (R6.4.0.136) could allow an authenticated attacker with administrative privilege to conduct an argument injection attack, due to insufficient parameter sanitization during the boot process. A successful exploit could allow an attacker to execute arbitrary commands within the context of the system.
π@cveNotify
GitHub
CVE/Mitel/6.3.0.1020/README.md at main Β· kwburns/CVE
A repository containing exploit code / zero-day research I've worked on. - kwburns/CVE
π¨ CVE-2024-42546
TOTOLINK A3100R V4.1.2cu.5050_B20200504 has a buffer overflow vulnerability in the password parameter in the loginauth function.
π@cveNotify
TOTOLINK A3100R V4.1.2cu.5050_B20200504 has a buffer overflow vulnerability in the password parameter in the loginauth function.
π@cveNotify
GitHub
IoT-vulnerable/TOTOLink/A3100R/loginauth_password.md at main Β· noahze01/IoT-vulnerable
Contribute to noahze01/IoT-vulnerable development by creating an account on GitHub.
π¨ CVE-2024-42547
TOTOLINK A3100R V4.1.2cu.5050_B20200504 has a buffer overflow vulnerability in the http_host parameter in the loginauth function.
π@cveNotify
TOTOLINK A3100R V4.1.2cu.5050_B20200504 has a buffer overflow vulnerability in the http_host parameter in the loginauth function.
π@cveNotify
GitHub
IoT-vulnerable/TOTOLink/A3100R/loginauth.md at main Β· noahze01/IoT-vulnerable
Contribute to noahze01/IoT-vulnerable development by creating an account on GitHub.
π¨ CVE-2024-6768
A Denial of Service in CLFS.sys in Microsoft Windows 10, Windows 11, Windows Server 2016, Windows Server 2019, and Windows Server 2022 allows a malicious authenticated low-privilege user to cause a Blue Screen of Death via a forced call to the KeBugCheckEx function.
π@cveNotify
A Denial of Service in CLFS.sys in Microsoft Windows 10, Windows 11, Windows Server 2016, Windows Server 2019, and Windows Server 2022 allows a malicious authenticated low-privilege user to cause a Blue Screen of Death via a forced call to the KeBugCheckEx function.
π@cveNotify
A Dive into Earth Bakuβs Latest Campaign | Trend Micro (US)
Since late 2022, Earth Baku has broadened its scope from the Indo-Pacific region to Europe, the Middle East, and Africa. Their latest operations demonstrate sophisticated techniques, such as exploiting public-facing applications like IIS servers for initial access and deploying the Godzilla webshell for command and control.
https://www.trendmicro.com/en_us/research/24/h/earth-baku-latest-campaign.html
π@malwr
Since late 2022, Earth Baku has broadened its scope from the Indo-Pacific region to Europe, the Middle East, and Africa. Their latest operations demonstrate sophisticated techniques, such as exploiting public-facing applications like IIS servers for initial access and deploying the Godzilla webshell for command and control.
https://www.trendmicro.com/en_us/research/24/h/earth-baku-latest-campaign.html
π@malwr
Trend Micro
A Dive into Earth Bakuβs Latest Campaign
Since late 2022, Earth Baku has broadened its scope from the Indo-Pacific region to Europe, the Middle East, and Africa. Their latest operations demonstrate sophisticated techniques, such as exploiting public-facing applications like IIS servers for initialβ¦
π¨ CVE-2024-28212
nGrinder before 3.5.9 uses old version of SnakeYAML, which could allow remote attacker to execute arbitrary code via unsafe deserialization.
π@cveNotify
nGrinder before 3.5.9 uses old version of SnakeYAML, which could allow remote attacker to execute arbitrary code via unsafe deserialization.
π@cveNotify
π¨ CVE-2024-28216
nGrinder before 3.5.9 allows an attacker to obtain the results of webhook requests due to lack of access control, which could be the cause of information disclosure and limited Server-Side Request Forgery.
π@cveNotify
nGrinder before 3.5.9 allows an attacker to obtain the results of webhook requests due to lack of access control, which could be the cause of information disclosure and limited Server-Side Request Forgery.
π@cveNotify
π¨ CVE-2024-29946
In Splunk Enterprise versions below 9.2.1, 9.1.4, and 9.0.9, the Dashboard Examples Hub lacks protections for risky SPL commands. This could let attackers bypass SPL safeguards for risky commands in the Hub. The vulnerability would require the attacker to phish the victim by tricking them into initiating a request within their browser.
π@cveNotify
In Splunk Enterprise versions below 9.2.1, 9.1.4, and 9.0.9, the Dashboard Examples Hub lacks protections for risky SPL commands. This could let attackers bypass SPL safeguards for risky commands in the Hub. The vulnerability would require the attacker to phish the victim by tricking them into initiating a request within their browser.
π@cveNotify
Splunk Vulnerability Disclosure
Risky command safeguards bypass in Dashboard Examples Hub
In Splunk Enterprise versions below 9.2.1, 9.1.4 and 9.0.9, and Splunk Cloud Platform versions below 9.1.2312.104 and 9.1.2308.205, the Dashboard Examples Hub in the Splunk Dashboard Studio app lacks protections for risky SPL commands, which could allow anβ¦
π¨ CVE-2023-5971
The Save as PDF Plugin by Pdfcrowd WordPress plugin before 3.2.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
π@cveNotify
The Save as PDF Plugin by Pdfcrowd WordPress plugin before 3.2.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
π@cveNotify
WPScan
Save as PDF < 3.2.0 - Admin+ Stored XSS
See details on Save as PDF < 3.2.0 - Admin+ Stored XSS CVE 2023-5971. View the latest Plugin Vulnerabilities on WPScan.
π¨ CVE-2023-41884
ZoneMinder is a free, open source Closed-circuit television software application. In WWW/AJAX/watch.php, Line: 51 takes a few parameter in sql query without sanitizing it which makes it vulnerable to sql injection. This vulnerability is fixed in 1.36.34.
π@cveNotify
ZoneMinder is a free, open source Closed-circuit television software application. In WWW/AJAX/watch.php, Line: 51 takes a few parameter in sql query without sanitizing it which makes it vulnerable to sql injection. This vulnerability is fixed in 1.36.34.
π@cveNotify
GitHub
Only allow Events Columns for sort. Fixes GHSA-2qp3-fwpv-mc96. Fixes β¦ Β· ZoneMinder/zoneminder@677f6a3
β¦GHSA-9cmr-7437-v9fj
π¨ CVE-2023-48171
An issue in OWASP DefectDojo before v.1.5.3.1 allows a remote attacker to escalate privileges via the user permissions component.
π@cveNotify
An issue in OWASP DefectDojo before v.1.5.3.1 allows a remote attacker to escalate privileges via the user permissions component.
π@cveNotify
π¨ CVE-2024-21767
A remote attacker may be able to bypass access control of Commend WS203VICM by creating a malicious request.
π@cveNotify
A remote attacker may be able to bypass access control of Commend WS203VICM by creating a malicious request.
π@cveNotify