AttackerKB
attackerkb
New assessment for topic: CVE-2022-24521
Topic description: "Windows Common Log File System Driver Elevation of Privilege Vulnerability ..."
"RansomHub affiliate observed in abusing this vulnerability including 3 files that were weaponizing this vulnerability: https://www.security.com/threat-intelligence/ransomhub-betruger-backdoor ..."
Link: https://attackerkb.com/assessments/9572a87d-9159-4573-b90d-bbacbe294965
Topic description: "Windows Common Log File System Driver Elevation of Privilege Vulnerability ..."
"RansomHub affiliate observed in abusing this vulnerability including 3 files that were weaponizing this vulnerability: https://www.security.com/threat-intelligence/ransomhub-betruger-backdoor ..."
Link: https://attackerkb.com/assessments/9572a87d-9159-4573-b90d-bbacbe294965
0
0
0
AttackerKB
attackerkb
New assessment for topic: CVE-2025-24799
Topic description: "GLPI is a free asset and IT management software package ..."
"On February 12th, 2025 GLPI released version `10.0.18` which included a patch for CVE-2024-24799, a SQLi vulnerability affecting versions `10.0.0` to `10.0.17` ..."
Link: https://attackerkb.com/assessments/7b879784-36c7-41d4-9f0b-258ae925cb27
Topic description: "GLPI is a free asset and IT management software package ..."
"On February 12th, 2025 GLPI released version `10.0.18` which included a patch for CVE-2024-24799, a SQLi vulnerability affecting versions `10.0.0` to `10.0.17` ..."
Link: https://attackerkb.com/assessments/7b879784-36c7-41d4-9f0b-258ae925cb27
0
0
0
AttackerKB
attackerkb
New assessment for topic: CVE-2024-12971
Topic description: "Improper Neutralization of Special Elements used in a Command vulnerability allows OS Command Injection.This issue affects Pandora FMS from 700 to 777.6 ..."
"This is a similar RCE like [CVE-2024-12992](https://attackerkb.com/topics/Aua29E9XcB/cve-2024-12992) but now in the `Chromium-path` and `Phantomjs-bin` directory settings at the Pandora FMS application. ..."
Link: https://attackerkb.com/assessments/bc5c36bb-8560-42e1-b19f-aa247fdb3d8a
Topic description: "Improper Neutralization of Special Elements used in a Command vulnerability allows OS Command Injection.This issue affects Pandora FMS from 700 to 777.6 ..."
"This is a similar RCE like [CVE-2024-12992](https://attackerkb.com/topics/Aua29E9XcB/cve-2024-12992) but now in the `Chromium-path` and `Phantomjs-bin` directory settings at the Pandora FMS application. ..."
Link: https://attackerkb.com/assessments/bc5c36bb-8560-42e1-b19f-aa247fdb3d8a
0
0
0
AttackerKB
attackerkb
New assessment for topic: CVE-2024-12992
Topic description: "Improper Neutralization of Special Elements used in a Command vulnerability allows OS Command Injection via RCE ..."
" I found a RCE in the goTTY QuickShell implementation that was, according the documentation, introduced in Pandora FMS version 774. ..."
Link: https://attackerkb.com/assessments/047449bc-986d-481f-a8b3-c2b3b8d579d6
Topic description: "Improper Neutralization of Special Elements used in a Command vulnerability allows OS Command Injection via RCE ..."
" I found a RCE in the goTTY QuickShell implementation that was, according the documentation, introduced in Pandora FMS version 774. ..."
Link: https://attackerkb.com/assessments/047449bc-986d-481f-a8b3-c2b3b8d579d6
0
0
0
AttackerKB
attackerkb
New assessment for topic: CVE-2025-24813
Topic description: "Path Equivalence: 'file.Name' (Internal Dot) leading to Remote Code Execution and/or Information disclosure and/or malicious content added to uploaded files via write enabled Default Servlet in Apache Tomcat. ..."
"On March 10, 2025, the Apache Software Foundation [published](https://lists.apache.org/thread/j5fkjv2k477os90nczf2v9l61fb0kkgq) an advisory for [CVE-2025-24813](https://nvd.nist.gov/vuln/detail/CVE-2025-24813), an unauthenticated remote code execution vulnerability in Apache Tomcat’s “partial PUT” feature ..."
Link: https://attackerkb.com/assessments/1a24556d-24fb-4017-be67-e4ab39c76566
Topic description: "Path Equivalence: 'file.Name' (Internal Dot) leading to Remote Code Execution and/or Information disclosure and/or malicious content added to uploaded files via write enabled Default Servlet in Apache Tomcat. ..."
"On March 10, 2025, the Apache Software Foundation [published](https://lists.apache.org/thread/j5fkjv2k477os90nczf2v9l61fb0kkgq) an advisory for [CVE-2025-24813](https://nvd.nist.gov/vuln/detail/CVE-2025-24813), an unauthenticated remote code execution vulnerability in Apache Tomcat’s “partial PUT” feature ..."
Link: https://attackerkb.com/assessments/1a24556d-24fb-4017-be67-e4ab39c76566
0
1
1
AttackerKB
attackerkb
New assessment for topic: CVE-2019-1068
Topic description: "A remote code execution vulnerability exists in Microsoft SQL Server when it incorrectly handles processing of internal functions, aka 'Microsoft SQL Server Remote Code Execution Vulnerability'. ..."
"[metadata only] ..."
Link: https://attackerkb.com/assessments/62a5a5b7-5f8f-47c8-a46d-ef32f994d28d
Topic description: "A remote code execution vulnerability exists in Microsoft SQL Server when it incorrectly handles processing of internal functions, aka 'Microsoft SQL Server Remote Code Execution Vulnerability'. ..."
"[metadata only] ..."
Link: https://attackerkb.com/assessments/62a5a5b7-5f8f-47c8-a46d-ef32f994d28d
0
0
0
AttackerKB
attackerkb
New assessment for topic: CVE-2024-30085
Topic description: "Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability ..."
"CVE-2024-30085 is a heap-based buffer overflow in the Windows Cloud Filter Mini Driver ..."
Link: https://attackerkb.com/assessments/7bdbab3a-f30c-46b2-ac66-e399624eb6d7
Topic description: "Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability ..."
"CVE-2024-30085 is a heap-based buffer overflow in the Windows Cloud Filter Mini Driver ..."
Link: https://attackerkb.com/assessments/7bdbab3a-f30c-46b2-ac66-e399624eb6d7
0
0
0
AttackerKB
attackerkb
New assessment for topic: CVE-2024-43451
Topic description: "NTLM Hash Disclosure Spoofing Vulnerability ..."
"CVE-2024-43451 is a Windows NTLM hash disclosure vulnerability categorized as a "spoofing" flaw that affects all supported Microsoft Windows versions, including Windows 10, Windows 11, and Windows Server editions. ..."
Link: https://attackerkb.com/assessments/f3043ff4-f3e9-4120-a46d-16868c8e27f9
Topic description: "NTLM Hash Disclosure Spoofing Vulnerability ..."
"CVE-2024-43451 is a Windows NTLM hash disclosure vulnerability categorized as a "spoofing" flaw that affects all supported Microsoft Windows versions, including Windows 10, Windows 11, and Windows Server editions. ..."
Link: https://attackerkb.com/assessments/f3043ff4-f3e9-4120-a46d-16868c8e27f9
0
0
0
AttackerKB
attackerkb
New assessment for topic: CVE-2024-55555
Topic description: "Invoice Ninja before 5.10.43 allows remote code execution from a pre-authenticated route when an attacker knows the APP_KEY ..."
"Laravel PHP applications can be exploited due to bad implementations of decryption mechanisms ..."
Link: https://attackerkb.com/assessments/bed328ac-6982-4a75-95f5-170ff0ea894d
Topic description: "Invoice Ninja before 5.10.43 allows remote code execution from a pre-authenticated route when an attacker knows the APP_KEY ..."
"Laravel PHP applications can be exploited due to bad implementations of decryption mechanisms ..."
Link: https://attackerkb.com/assessments/bed328ac-6982-4a75-95f5-170ff0ea894d
0
0
0
AttackerKB
attackerkb
New assessment for topic: CVE-2025-27218
Topic description: "Sitecore Experience Manager (XM) and Experience Platform (XP) 10.4 before KB1002844 allow remote code execution through insecure deserialization. ..."
"On January 6, 2025, Sitecore published a security bulletin, [SC2024-002-624693](https://support.sitecore.com/kb?id=kb_article_view&sysparm_article=KB1003535) , for a critical unauthenticated remote code execution (RCE) vulnerability affecting the products Sitecore Experience Manager (XM) and Experience Platform (XP) 10.4 ..."
Link: https://attackerkb.com/assessments/54a61ef3-00e8-47cf-a4d0-c36950f2e373
Topic description: "Sitecore Experience Manager (XM) and Experience Platform (XP) 10.4 before KB1002844 allow remote code execution through insecure deserialization. ..."
"On January 6, 2025, Sitecore published a security bulletin, [SC2024-002-624693](https://support.sitecore.com/kb?id=kb_article_view&sysparm_article=KB1003535) , for a critical unauthenticated remote code execution (RCE) vulnerability affecting the products Sitecore Experience Manager (XM) and Experience Platform (XP) 10.4 ..."
Link: https://attackerkb.com/assessments/54a61ef3-00e8-47cf-a4d0-c36950f2e373
0
0
0
AttackerKB
attackerkb
New assessment for topic: CVE-2025-0282
Topic description: "A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.5, Ivanti Policy Secure before version 22.7R1.2, and Ivanti Neurons for ZTA gateways before version 22.7R2.3 allows a remote unauthenticated attacker to achieve remote code execution. ..."
"Microsoft released a report observing a state-sponsored actor called Silk Typhoon abusing this vulnerability, hence we added a the tag to reflect this ..."
Link: https://attackerkb.com/assessments/8dd72440-c8b5-41bb-a6c4-2396ca7e2f02
Topic description: "A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.5, Ivanti Policy Secure before version 22.7R1.2, and Ivanti Neurons for ZTA gateways before version 22.7R2.3 allows a remote unauthenticated attacker to achieve remote code execution. ..."
"Microsoft released a report observing a state-sponsored actor called Silk Typhoon abusing this vulnerability, hence we added a the tag to reflect this ..."
Link: https://attackerkb.com/assessments/8dd72440-c8b5-41bb-a6c4-2396ca7e2f02
0
1
0
AttackerKB
attackerkb
New assessment for topic: CVE-2024-55556
Topic description: "A vulnerability in Crater Invoice allows an unauthenticated attacker with knowledge of the APP_KEY to achieve remote command execution on the server by manipulating the laravel_session cookie, exploiting arbitrary deserialization through the encrypted session data ..."
"[metadata only] ..."
Link: https://attackerkb.com/assessments/3635027c-977c-4cda-a659-857dbf2df5dc
Topic description: "A vulnerability in Crater Invoice allows an unauthenticated attacker with knowledge of the APP_KEY to achieve remote command execution on the server by manipulating the laravel_session cookie, exploiting arbitrary deserialization through the encrypted session data ..."
"[metadata only] ..."
Link: https://attackerkb.com/assessments/3635027c-977c-4cda-a659-857dbf2df5dc
0
0
0
AttackerKB
attackerkb
New assessment for topic: CVE-2024-12356
Topic description: "A critical vulnerability has been discovered in Privileged Remote Access (PRA) and Remote Support (RS) products which can allow an unauthenticated attacker to inject commands that are run as a site user. ..."
"Hello, I am a college student ..."
Link: https://attackerkb.com/assessments/bafc9e8f-15c9-4dbc-be46-9797537ea08d
Topic description: "A critical vulnerability has been discovered in Privileged Remote Access (PRA) and Remote Support (RS) products which can allow an unauthenticated attacker to inject commands that are run as a site user. ..."
"Hello, I am a college student ..."
Link: https://attackerkb.com/assessments/bafc9e8f-15c9-4dbc-be46-9797537ea08d
0
0
0
AttackerKB
attackerkb
New assessment for topic: CVE-2024-12084
Topic description: "A heap-based buffer overflow flaw was found in the rsync daemon ..."
"Based upon writing a [technical analysis](https://attackerkb.com/topics/UM2s9nB7k4/cve-2024-12084/rapid7-analysis) of this vuln, I have rated the exploitability as Low, as exploitation of this heap based overflow is limited and will take further work to develop into a full RCE ..."
Link: https://attackerkb.com/assessments/4db6027b-a197-4238-acc5-b0af55f459b3
Topic description: "A heap-based buffer overflow flaw was found in the rsync daemon ..."
"Based upon writing a [technical analysis](https://attackerkb.com/topics/UM2s9nB7k4/cve-2024-12084/rapid7-analysis) of this vuln, I have rated the exploitability as Low, as exploitation of this heap based overflow is limited and will take further work to develop into a full RCE ..."
Link: https://attackerkb.com/assessments/4db6027b-a197-4238-acc5-b0af55f459b3
0
0
0
AttackerKB
attackerkb
New Rapid7 Analysis on AttackerKB topic: CVE-2024-12084
"On January 14, 2025, 6 vulnerabilities within rsync were disclosed via the [oss-security mailing list](https://www.openwall.com/lists/oss-security/2025/01/14/3) ..."
Link: https://attackerkb.com/topics/c6bb75f4-0187-4b29-bda4-224685376a33
"On January 14, 2025, 6 vulnerabilities within rsync were disclosed via the [oss-security mailing list](https://www.openwall.com/lists/oss-security/2025/01/14/3) ..."
Link: https://attackerkb.com/topics/c6bb75f4-0187-4b29-bda4-224685376a33
0
0
0
AttackerKB
attackerkb
New assessment for topic: CVE-2024-57728
Topic description: "SimpleHelp remote support software v5.5.7 and before allows admin users to upload arbitrary files anywhere on the file system by uploading a crafted zip file (i.e ..."
"Between January 8th and 13th 2025, SimpleHelp RMM released patches for a set of vulnerabilities including an authenticated file upload affecting the following versions: ..."
Link: https://attackerkb.com/assessments/ceb2ad15-73e9-4da8-887d-ff69dbb8ee91
Topic description: "SimpleHelp remote support software v5.5.7 and before allows admin users to upload arbitrary files anywhere on the file system by uploading a crafted zip file (i.e ..."
"Between January 8th and 13th 2025, SimpleHelp RMM released patches for a set of vulnerabilities including an authenticated file upload affecting the following versions: ..."
Link: https://attackerkb.com/assessments/ceb2ad15-73e9-4da8-887d-ff69dbb8ee91
0
0
0
AttackerKB
attackerkb
New assessment for topic: CVE-2024-57727
Topic description: "SimpleHelp remote support software v5.5.7 and before is vulnerable to multiple path traversal vulnerabilities that enable unauthenticated remote attackers to download arbitrary files from the SimpleHelp host via crafted HTTP requests ..."
"Between January 8th and 13th 2025, SimpleHelp RMM released patches for a set of vulnerabilities including an unauthenticated path traversal affecting the following versions: ..."
Link: https://attackerkb.com/assessments/1711e1d9-4407-4c28-ae4e-379952e65026
Topic description: "SimpleHelp remote support software v5.5.7 and before is vulnerable to multiple path traversal vulnerabilities that enable unauthenticated remote attackers to download arbitrary files from the SimpleHelp host via crafted HTTP requests ..."
"Between January 8th and 13th 2025, SimpleHelp RMM released patches for a set of vulnerabilities including an unauthenticated path traversal affecting the following versions: ..."
Link: https://attackerkb.com/assessments/1711e1d9-4407-4c28-ae4e-379952e65026
0
0
0
AttackerKB
attackerkb
New assessment for topic: CVE-2025-0108
Topic description: "An authentication bypass in the Palo Alto Networks PAN-OS software enables an unauthenticated attacker with network access to the management web interface to bypass the authentication otherwise required by the PAN-OS management web interface and invoke certain PHP scripts ..."
"On February 12, 2025, Palo Alto Networks published an [advisory for CVE-2025-0108](https://security.paloaltonetworks.com/CVE-2025-0108) ..."
Link: https://attackerkb.com/assessments/951efdb5-288e-4608-8bde-667656782321
Topic description: "An authentication bypass in the Palo Alto Networks PAN-OS software enables an unauthenticated attacker with network access to the management web interface to bypass the authentication otherwise required by the PAN-OS management web interface and invoke certain PHP scripts ..."
"On February 12, 2025, Palo Alto Networks published an [advisory for CVE-2025-0108](https://security.paloaltonetworks.com/CVE-2025-0108) ..."
Link: https://attackerkb.com/assessments/951efdb5-288e-4608-8bde-667656782321
0
0
0
AttackerKB
attackerkb
New assessment for topic: CVE-2024-12356
Topic description: "A critical vulnerability has been discovered in Privileged Remote Access (PRA) and Remote Support (RS) products which can allow an unauthenticated attacker to inject commands that are run as a site user. ..."
"Based upon both writing a [technical analysis](https://attackerkb.com/topics/G5s8ZWAbYH/cve-2024-12356#rapid7-analysis) of this vuln, and an accompanying [Metasploit exploit module](https://github.com/rapid7/metasploit-framework/pull/19877), I have rated the exploitability as `Very High`, as exploitation is reliable, repeatable, and can be fully automated by an exploit script ..."
Link: https://attackerkb.com/assessments/4b8511fd-3dcf-4ea3-8dd2-7df3b2245055
Topic description: "A critical vulnerability has been discovered in Privileged Remote Access (PRA) and Remote Support (RS) products which can allow an unauthenticated attacker to inject commands that are run as a site user. ..."
"Based upon both writing a [technical analysis](https://attackerkb.com/topics/G5s8ZWAbYH/cve-2024-12356#rapid7-analysis) of this vuln, and an accompanying [Metasploit exploit module](https://github.com/rapid7/metasploit-framework/pull/19877), I have rated the exploitability as `Very High`, as exploitation is reliable, repeatable, and can be fully automated by an exploit script ..."
Link: https://attackerkb.com/assessments/4b8511fd-3dcf-4ea3-8dd2-7df3b2245055
0
0
0
AttackerKB
attackerkb
New Rapid7 Analysis on AttackerKB topic: CVE-2024-12356
"On December 16, 2024, BeyondTrust published both [an advisory](https://www.beyondtrust.com/trust-center/security-advisories/bt24-10) and patches for CVE-2024-12356, a critical unauthenticated remote code execution (RCE) vulnerability affecting the products Privileged Remote Access (PRA) and Remote Support (RS) ..."
Link: https://attackerkb.com/topics/bf309bc8-5c3d-4ad1-bd68-0c095978cce6
"On December 16, 2024, BeyondTrust published both [an advisory](https://www.beyondtrust.com/trust-center/security-advisories/bt24-10) and patches for CVE-2024-12356, a critical unauthenticated remote code execution (RCE) vulnerability affecting the products Privileged Remote Access (PRA) and Remote Support (RS) ..."
Link: https://attackerkb.com/topics/bf309bc8-5c3d-4ad1-bd68-0c095978cce6
0
0
0