New Rapid7 Analysis on AttackerKB topic: CVE-2024-5806

"On June 25, 2024 Progress Software published an [advisory](https://community.progress.com/s/article/MOVEit-Transfer-Product-Security-Alert-Bulletin-June-2024-CVE-2024-5806) for [CVE-2024-5806](https://www.cve.org/cverecord?id=CVE-2024-5806), an authentication bypass vulnerability affecting the SFTP module of MOVEit Transfer ..."

Link: https://attackerkb.com/topics/f83ee394-ee97-468b-bfa6-48e80210983d

New assessment for topic: CVE-2024-21762

Topic description: "A out-of-bounds write in Fortinet FortiOS versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.6, 7.0.0 through 7.0.13, 6.4.0 through 6.4.14, 6.2.0 through 6.2.15, 6.0.0 through 6.0.17, FortiProxy versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.8, 7.0.0 through 7.0.14, 2.0.0 through 2.0.13, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6, 1.0.0 through 1.0.7 allows attacker to execute unauthorized code or commands via specifically crafted requests ..."

"CVE-2024-21762 is a memory corruption vulnerability that affects a very wide range of FortiNet Firewalls ..."

Link: https://attackerkb.com/assessments/90bfe080-9e30-4248-8bfc-882ba39cef39

New assessment for topic: CVE-2024-26148

Topic description: "Querybook is a user interface for querying big data ..."

"Entered URL through Draft.js entity data (props.contentState.getEntity(props.entityKey).getData()) in querybook/webapp/lib/richtext/ index.tsx (line 13) misses validation of URL schema using Safelist ('http:', 'https:'), resulting in client-side XSS at <Link to={url} newTab> (line 15), enabling ACE when exploited. ..."

Link: https://attackerkb.com/assessments/4e765b62-7e23-42f7-a194-a9166d3ed70d

New assessment for topic: CVE-2024-25641

Topic description: "Cacti provides an operational monitoring and fault management framework ..."

"Cacti versions prior to 1.2.27 are [vulnerable](https://karmainsecurity.com/KIS-2024-04) to arbitrary file write that could lead to RCE ..."

Link: https://attackerkb.com/assessments/07c9b36e-09e6-4af9-bcee-447510ffbcdb

New assessment for topic: CVE-2024-29212

Topic description: "Due to an unsafe de-serialization method used by the Veeam Service Provider Console(VSPC) server in communication between the management agent and its components, under certain conditions, it is possible to perform Remote Code Execution (RCE) on the VSPC server machine. ..."

"This deserialization vulnerability piqued my interest after I saw it had received a ["patch reissue"](https://www.veeam.com/kb4575) a couple of weeks after it was initially patched ..."

Link: https://attackerkb.com/assessments/9a2c9fe5-eca6-44d9-9eb6-107acd44172a

New assessment for topic: CVE-2024-2389

Topic description: "In Flowmon versions prior to 11.1.14 and 12.3.5, an operating system command injection vulnerability has been identified.  An unauthenticated user can gain entry to the system via the Flowmon management interface, allowing for the execution of arbitrary system commands. ..."

"Progress Flowmon is a network performance monitoring and security solution developed by Progress Software ..."

Link: https://attackerkb.com/assessments/eac89c1b-f915-4cc4-be12-3c7e647408a1

New assessment for topic: CVE-2024-31077

Topic description: "Forminator prior to 1.29.3 contains a SQL injection vulnerability ..."

"Forminator Wordpress plugin versions prior to 1.29.3 are vulnerable to SQL injection ..."

Link: https://attackerkb.com/assessments/3652f19f-55a2-4ba0-95ba-ff07a429c23d

New assessment for topic: CVE-2024-30080

Topic description: "Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability ..."

"[metadata only] ..."

Link: https://attackerkb.com/assessments/00f64473-c826-4bb2-b199-25069dd56068

New assessment for topic: CVE-2024-28995

Topic description: " ..."

"Based upon our [Rapid7 Analysis](https://attackerkb.com/topics/2k7UrkHyl3/cve-2024-28995/rapid7-analysis), I have rated the attacker value of this vulnerability as Very High, as an unauthenticated attacker can read files from a server, and the vulnerable product is a file tranfser solution ..."

Link: https://attackerkb.com/assessments/a8ea00b2-323b-4d09-b313-3cfc404d8542

New Rapid7 Analysis on AttackerKB topic: CVE-2024-28995

"On June 5, 2024, SolarWinds published an [advisory](https://www.solarwinds.com/trust-center/security-advisories/cve-2024-28995) for CVE-2024-28995, a high-severity directory traversal vulnerability affecting their file transfer solution Serv-U ..."

Link: https://attackerkb.com/topics/ec88a622-e23a-4ed4-b4bd-adca7bee9acf

New assessment for topic: CVE-2024-4577

Topic description: "In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, when using Apache and PHP-CGI on Windows, if the system is set up to use certain code pages, Windows may use "Best-Fit" behavior to replace characters in command line given to Win32 API functions ..."

"I have rated the attacker value as high, as if the requirement to exploitation are met the attacker can get remote unauthenticated RCE on the target Windows server ..."

Link: https://attackerkb.com/assessments/04d81142-6675-4a32-8d7f-e573b8f7ddde

New assessment for topic: CVE-2024-23692

Topic description: "Rejetto HTTP File Server, up to and including version 2.3m, is vulnerable to a template injection vulnerability ..."

"The Rejetto HTTP File Server (HFS) version 2.x is vulnerable to an unauthenticated server side template injection (SSTI) vulnerability ..."

Link: https://attackerkb.com/assessments/f5c5359d-2446-4e33-a1a2-6a66aa2fb5f6

New assessment for topic: CVE-2024-4358

Topic description: "In Progress Telerik Report Server, version 2024 Q1 (10.0.24.305) or earlier, on IIS, an unauthenticated attacker can gain access to Telerik Report Server restricted functionality via an authentication bypass vulnerability. ..."

"So far, 2024 has seen a few notable vulnerabilities, such as [CVE-2024-1709](https://www.rapid7.com/blog/post/2024/02/20/etr-high-risk-vulnerabilities-in-connectwise-screenconnect/), that attack setup wizard flows for authentication bypass ..."

Link: https://attackerkb.com/assessments/20d30f34-ff47-402d-9991-678b34b3fbb4

New assessment for topic: CVE-2024-22026

Topic description: "A local privilege escalation vulnerability in EPMM before 12.1.0.0 allows an authenticated local user to bypass shell restriction and execute arbitrary commands on the appliance. ..."

"Ivanti EPMM (previously known as MobileIron Core) is vulnerable to a local privilege escalation vulnerability ..."

Link: https://attackerkb.com/assessments/8e941ab8-690f-4125-b598-9a8ff7d935f0

New assessment for topic: CVE-2024-24919

Topic description: "Potentially allowing an attacker to read certain information on Check Point Security Gateways once connected to the internet and enabled with remote Access VPN or Mobile Access Software Blades ..."

"This is trivial to exploit ..."

Link: https://attackerkb.com/assessments/ad36fea3-37bf-43b3-a5d3-1e4715d23ecb

New assessment for topic: CVE-2024-24919

Topic description: "Potentially allowing an attacker to read certain information on Check Point Security Gateways once connected to the internet and enabled with remote Access VPN or Mobile Access Software Blades ..."

"On May 28, 2024, Check Point published an advisory for an unauthenticated information disclosure vulnerability affecting Check Point Security Gateway devices configured with either the “IPSec VPN” or “Mobile Access” software blade ..."

Link: https://attackerkb.com/assessments/1b3e554c-47a1-40f1-a09a-ea867bb4f8a4

New assessment for topic: CVE-2024-21683

Topic description: "This High severity RCE (Remote Code Execution) vulnerability was introduced in version 5.2 of Confluence Data Center and Server. ..."

"This vulnerability can be leveraged by an authenticated attacker to execute OS commands within the context of the Confluence application server ..."

Link: https://attackerkb.com/assessments/5ad314a1-9fd7-47d7-835f-f29680b3961d

New assessment for topic: CVE-2024-28741

Topic description: "Cross Site Scripting vulnerability in EginDemirbilek NorthStar C2 v1 allows a remote attacker to execute arbitrary code via the login.php component. ..."

" [NorthStarC2]([https://github.com/EnginDemirbilek/NorthStarC2](https://github.com/EnginDemirbilek/NorthStarC2)) is an open source web based command and control framework used by real world threat actors including [UNC3890](https://www.mandiant.com/resources/blog/suspected-iranian-actor-targeting-israeli-shipping](https://www.mandiant.com/resources/blog/suspected-iranian-actor-targeting-israeli-shipping), [APT33](https://exchange.xforce.ibmcloud.com/collection/Recent-Hive0016-Infrastructure-and-Use-of-NorthStarC2-Pentest-Framework-77196fe57bb122088c210286da5d5b20) and [Patchwork/APT-Q-36](https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/may-hot-apt-security-events-techniques-tracker) to name a few ..."

Link: https://attackerkb.com/assessments/0e9af56e-90c5-4900-8384-9d33bdfe7e26

New assessment for topic: CVE-2024-31819

Topic description: "An issue in WWBN AVideo v.12.4 through v.14.2 allows a remote attacker to execute arbitrary code via the systemRootPath parameter of the submitIndex.php component. ..."

"[WWNB AVideo](https://github.com/WWBN/AVideo) is a versatile and advanced video streaming platform tailored for individual content creators, businesses, and developers alike ..."

Link: https://attackerkb.com/assessments/982c48b6-69a7-4c4b-aa08-5c4ca5a482a3

New assessment for topic: CVE-2023-43177

Topic description: "CrushFTP prior to 10.5.1 is vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes. ..."

"CVE-2023-43177: Critical Unauthenticated Remote Code Execution in CrushFTP ..."

Link: https://attackerkb.com/assessments/372ce344-cefb-4da1-8ba7-faf072bf4841