AttackerKB bot (Unofficial)
New assessment for topic: CVE-2023-47218

Topic description: "An OS command injection vulnerability has been reported to affect several QNAP operating system versions ..."

"An unauthenticated command injection vulnerability exists in the `quick.cgi` component of the web administration server for QNAP QTS and QuTS Hero operating systems, used by numerous QNAP NAS devices ..."

Link: https://www.attackerkb.com/assessments/361bb4d2-f43a-4b49-aba7-8cfba4d74d75
New assessment for topic: CVE-2024-20328

Topic description: "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem ..."

"ClamAV is an open-source antivirus engine that has been around for the past 21 years and runs on many different operating systems including for AIX, BSD, HP-UX, Linux, macOS, OpenVMS, OSF, Solaris and Haiku and as of version 0.97.5, ClamAV builds and runs on Microsoft Windows ..."

Link: https://www.attackerkb.com/assessments/3fd6ffcf-dc4d-4c0c-8ed7-dac98ebde64e
New assessment for topic: CVE-2024-20931

Topic description: "In the latest official January 2024 patch released by Oracle, a remote command execution vulnerability CVE-2024-20931 based on the Weblogic T3\IIOP protocol has been fixed ..."

"In early 2023 a vulnerability was found in the Oracle WebLogic IIOP/T3 protocol ..."

Link: https://www.attackerkb.com/assessments/c741fce5-764f-4c32-a646-1fb167423e6d
New assessment for topic: CVE-2024-24942

Topic description: "In JetBrains TeamCity before 2023.11.3 path traversal allowed reading data within JAR archives ..."

"If we decompile and diff the REST API from TeamCity 2023.11.2 (`C:\TeamCity\webapps\ROOT\WEB-INF\plugins\rest-api\server\rest-api-2023.09-147486.jar`) against TeamCity 2023.11.3 (`C:\TeamCity\webapps\ROOT\WEB-INF\plugins\rest-api\server\rest-api-2023.09-147512.jar`), we can see the `SwaggerUI` class has been modified. ..."

Link: https://www.attackerkb.com/assessments/25397f72-670e-4ef4-a19b-2a3a55120d18
New assessment for topic: CVE-2023-41179

Topic description: "A vulnerability in the 3rd party AV uninstaller module contained in Trend Micro Apex One (on-prem and SaaS), Worry-Free Business Security and Worry-Free Business Security Services could allow an attacker to manipulate the module to execute arbitrary commands on an affected installation. ..."

"This was [disclosed as 0day](https://success.trendmicro.com/dcx/s/solution/000294994?language=en_US) in September 2023 and then kind of never spoken of again, true to form for Trend Micro product 0days ([exhibit 1](https://success.trendmicro.com/dcx/s/solution/000291528?language=en_US), [exhibit 2](https://www.zdnet.com/article/two-trend-micro-zero-days-exploited-in-the-wild-by-hackers/), [exhibit 3](https://success.trendmicro.com/dcx/s/solution/000151730-SECURITY-BULLETIN-Trend-Micro-OfficeScan-Arbitrary-File-Upload-with-Directory-Traversal-Vulnerability?language=en_US)) ..."

Link: https://www.attackerkb.com/assessments/3de957ef-5820-4be5-ae16-3102d27f3df9
New assessment for topic: CVE-2024-22024

Topic description: "An XML external entity or XXE vulnerability in the SAML component of Ivanti Connect Secure (9.x, 22.x), Ivanti Policy Secure (9.x, 22.x) and ZTA gateways which allows an attacker to access certain restricted resources without authentication. ..."

"An HTTP POST request towards /dana-na/auth/saml-sso.cgi using the SAMLRequest as the vehicle with a base64 decoded XXE payload works and is already observed being abused in the wild. ..."

Link: https://www.attackerkb.com/assessments/e3572615-0a93-4e5b-a181-432316d5c6d3
New assessment for topic: CVE-2020-17482

Topic description: "An issue has been found in PowerDNS Authoritative Server before 4.3.1 where an authorized user with the ability to insert crafted records into a zone might be able to leak the content of uninitialized memory. ..."

"[metadata only] ..."

Link: https://www.attackerkb.com/assessments/fde87f20-64d4-4e1c-a272-106f3b74a629
New assessment for topic: CVE-2024-21893

Topic description: "A server-side request forgery vulnerability in the SAML component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) and Ivanti Neurons for ZTA allows an attacker to access certain restricted resources without authentication. ..."

"See the [Rapid7 analysis](https://attackerkb.com/topics/FGlK1TVnB2/cve-2024-21893/rapid7-analysis) for details on the exploit chain. ..."

Link: https://www.attackerkb.com/assessments/66090ad3-38c1-4761-b482-52152fd36790
New Rapid7 Analysis on AttackerKB topic: CVE-2024-21893

"On January 31, 2024, Ivanti [disclosed](https://forums.ivanti.com/s/article/CVE-2024-21888-Privilege-Escalation-for-Ivanti-Connect-Secure-and-Ivanti-Policy-Secure) CVE-2024-21893, affecting Ivanti Connect Secure and Ivanti Policy Secure ..."

Link: https://www.attackerkb.com/topics/4f92b26a-6c79-4b43-af83-cf55bd30dbb4
New assessment for topic: CVE-2023-49085

Topic description: "Cacti provides an operational monitoring and fault management framework ..."

"This is a [blind SQL injection](https://owasp.org/www-community/attacks/Blind_SQL_Injection) in the poller device management page (`pollers.php`), which can be exploited with time-based techniques ..."

Link: https://www.attackerkb.com/assessments/d255b582-0e80-4b5c-8a08-dd0f4697a64e
New assessment for topic: CVE-2023-49084

Topic description: "Cacti is a robust performance and fault management framework and a frontend to RRDTool - a Time Series Database (TSDB) ..."

"This is a local file inclusion vulnerability that affects the external links page `link.php` ..."

Link: https://www.attackerkb.com/assessments/35aa86fa-7444-4782-8f60-458cbc3df7c2
New assessment for topic: CVE-2023-22515

Topic description: "Atlassian has been made aware of an issue reported by a handful of customers where external attackers may have exploited a previously unknown vulnerability in publicly accessible Confluence Data Center and Server instances to create unauthorized Confluence administrator accounts and access Confluence instances. ..."

"[metadata only] ..."

Link: https://www.attackerkb.com/assessments/fe0d1818-0a18-43ab-ba43-dd29e2dd7d15
New assessment for topic: CVE-2024-23897

Topic description: "Jenkins 2.441 and earlier, LTS 2.426.2 and earlier does not disable a feature of its CLI command parser that replaces an '@' character followed by a file path in an argument with the file's contents, allowing unauthenticated attackers to read arbitrary files on the Jenkins controller file system. ..."

"Looking into this vulnerability, there are a number of factors to consider when gauging exploitability ..."

Link: https://www.attackerkb.com/assessments/6381d058-7c24-4c5a-83f5-29083dfbfd62
New assessment for topic: CVE-2023-41474

Topic description: "Directory Traversal vulnerability in Ivanti Avalanche 6.3.4.153 allows a remote authenticated attacker to obtain sensitive information via the javax.faces.resource component. ..."

"This is a path traversal vulnerability in Ivanti Avalanche version 6.3.4.153 ..."

Link: https://www.attackerkb.com/assessments/cd0c0c3b-47ab-419a-a3a8-0297705b8560
New assessment for topic: CVE-2023-41265

Topic description: "An HTTP Request Tunneling vulnerability found in Qlik Sense Enterprise for Windows for versions May 2023 Patch 3 and earlier, February 2023 Patch 7 and earlier, November 2022 Patch 10 and earlier, and August 2022 Patch 12 and earlier allows a remote attacker to elevate their privilege by tunneling HTTP requests in the raw HTTP request ..."

"Rapid7 saw exploitation of this in customer environments in early December 2023 ..."

Link: https://www.attackerkb.com/assessments/9951767f-04e7-43a7-b30b-20d2296cf622
New assessment for topic: CVE-2023-37679

Topic description: "A remote command execution (RCE) vulnerability in NextGen Mirth Connect v4.3.0 allows attackers to execute arbitrary commands on the hosting server. ..."

"Mirth Connect is vulnerable to unauthenticated RCE due to the mishandling of data that is unmarshalled by the XStream library ..."

Link: https://www.attackerkb.com/assessments/fd2fd562-df20-440b-8577-c9195a9d31a7
New assessment for topic: CVE-2023-6933

Topic description: "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem ..."

"The "Better Search Replace" plugin for WordPress exhibits a critical vulnerability known as PHP Object Injection ..."

Link: https://www.attackerkb.com/assessments/5e518dea-96f8-4d0d-a078-9c273b249a24
New assessment for topic: CVE-2023-37580

Topic description: "Zimbra Collaboration (ZCS) 8 before 8.8.15 Patch 41 allows XSS in the Zimbra Classic Web Client. ..."

"Per Google's Threat Analysis Group (TAG), this bug was [exploited as a zero-day](https://blog.google/threat-analysis-group/zimbra-0-day-used-to-target-international-government-organizations/) and has been used by at least four different threat actors to "steal email data, user credentials, and authentication tokens." Threat campaigns have targeted Greece, Moldova, Tunisia, Vietnam, and Pakistan ..."

Link: https://www.attackerkb.com/assessments/2c2c49bb-bf2d-493d-8073-3fc921a59355
New assessment for topic: CVE-2023-27532

Topic description: "Vulnerability in Veeam Backup & Replication component allows encrypted credentials stored in the configuration database to be obtained ..."

"We've continued to see [reports](https://twitter.com/malmoeb/status/1744145322748567860) of exploitation for CVE-2023-27532 ..."

Link: https://www.attackerkb.com/assessments/211c013a-d82b-479a-9997-d447a3bb33fc
New assessment for topic: CVE-2023-43208

Topic description: "NextGen Healthcare Mirth Connect before version 4.4.1 is vulnerable to unauthenticated remote code execution ..."

"Knocking down attacker value a bit because there [appear to be](https://twitter.com/Shadowserver/status/1749803281898262597) only a few hundred of these exposed and vulnerable, and perhaps surprisingly, it's been a few months since full details were released and there's still no known exploitation ..."

Link: https://www.attackerkb.com/assessments/6baa7b56-79b5-4fcb-8bc9-2970ac0a0d25