AttackerKB bot (Unofficial)
New assessment for topic: Windows Remote Desktop (RDP) Use-after-free vulnerability, "Bluekeep"

Topic description: "A bug in Windows Remote Desktop protocol allows unauthenticated users to run arbitrary code via a specially crafted request to the service ..."

"Exploited by North Korean state-sponsored attackers according to a July 2024 bulletin from multiple U.S ..."

Link: https://attackerkb.com/assessments/8909df99-507f-4f27-a36b-9c759f2b5a9f
New assessment for topic: CVE-2024-29824

Topic description: "An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an unauthenticated attacker within the same network to execute arbitrary code. ..."

"Ivanti Endpoint Manager (EPM) versions 2022 SU5 and prior are vulnerable to SQL injection and a patch has been released, as described in the official [advisory](https://forums.ivanti.com/s/article/Security-Advisory-May-2024) and the related [KB article](https://forums.ivanti.com/s/article/KB-Security-Advisory-EPM-May-2024) ..."

Link: https://attackerkb.com/assessments/721f9e58-f1a2-4da1-9bdc-21a2c2e0a139
New assessment for topic: CVE-2024-34102

Topic description: "Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that could result in arbitrary code execution ..."

"Adobe Commerce, which is based on the Magento PHP suite, is a popular framework for commerce websites ..."

Link: https://attackerkb.com/assessments/d33dff0d-d59a-4d35-ae3b-542784621174
New assessment for topic: CVE-2024-38112

Topic description: "Windows MSHTML Platform Spoofing Vulnerability ..."

"Trend Micro reported this vulnerability to Microsoft after observing [Void Banshee APT exploitation in the wild](https://www.trendmicro.com/en_id/research/24/g/CVE-2024-38112-void-banshee.html); the zero-day attack hinged on the premise that MHTML links would automatically open in the old Internet Explorer engine ..."

Link: https://attackerkb.com/assessments/ee90728c-07aa-4213-b028-b960f305ae9c
New assessment for topic: CVE-2022-0510

Topic description: "Cross-site Scripting (XSS) - Reflected in Packagist pimcore/pimcore prior to 10.3.1. ..."

"Missing Sanitization of `$item->getGroup()` (lines 864 and 1269) in `fieldcollectionTreeAction/objectbrickTreeAction` functions in `bundles/AdminBundle/Controller/Admin/DataObject/ClassController.php` allows Admin User to perform Source Code Injection through Stored Group Fields (in Object Bricks/Field Collection under settings module) resulting in Information Exposure (cookie theft). ..."

Link: https://attackerkb.com/assessments/cd11e0f9-6a68-4d14-b233-1fa6126daceb
New assessment for topic: CVE-2024-38023

Topic description: "Microsoft SharePoint Server Remote Code Execution Vulnerability ..."

"This vulnerability also requires authentication, but any SharePoint user with Site Owner permissions can hit it ..."

Link: https://attackerkb.com/assessments/876bb98d-a8d3-4b1c-8e7c-f270880d3f1e
New assessment for topic: CVE-2024-36401

Topic description: "GeoServer is an open source server that allows users to share and edit geospatial data ..."

"[metadata only] ..."

Link: https://attackerkb.com/assessments/becffd24-1aa0-4f40-8adb-2427538a6c7a
New assessment for topic: CVE-2024-6387

Topic description: "A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd) ..."

"Doesn't lend itself to an attacker's needs ..."

Link: https://attackerkb.com/assessments/acb74366-0851-4235-bc32-0def86f0b97f
New assessment for topic: CVE-2024-30104

Topic description: "Microsoft Office Remote Code Execution Vulnerability ..."

"The problem is still in the "docx" files this vulnerability is a 0 day based on the Follina exploit ..."

Link: https://attackerkb.com/assessments/deffe471-0387-49c1-8bf7-eec558f98ef0
New assessment for topic: CVE-2024-6387

Topic description: "A signal handler race condition was found in OpenSSH's server (sshd), where a client does not authenticate within LoginGraceTime seconds (120 by default, 600 in old OpenSSH versions), then sshd's SIGALRM handler is called asynchronously ..."

"While this vulnerability is interesting, and it certainly has the potential for immense damage and harm, the reality is far more nuanced ..."

Link: https://attackerkb.com/assessments/c2e52e59-bce0-462b-b55c-f59f5b175032
New assessment for topic: CVE-2013-3632

Topic description: "The Cron service in rpc.php in OpenMediaVault allows remote authenticated users to execute cron jobs as arbitrary users and execute arbitrary commands via the username parameter. ..."

"[metadata only] ..."

Link: https://attackerkb.com/assessments/9e0899a6-dbbb-4874-9f0e-bff88432ea37
New assessment for topic: CVE-2024-6387

Topic description: "A signal handler race condition was found in OpenSSH's server (sshd), where a client does not authenticate within LoginGraceTime seconds (120 by default, 600 in old OpenSSH versions), then sshd's SIGALRM handler is called asynchronously ..."

"**TL;DR:** Neat! Doesn't sound like something that's going to be easily exploited or automated in pretty much any scenario, so I have little initial concern about widespread exploitation, or even exploitation at all ..."

Link: https://attackerkb.com/assessments/4449caee-544e-4984-ace6-4f5b53c0d2f2
New assessment for topic: CVE-2024-5806

Topic description: "Improper Authentication vulnerability in Progress MOVEit Transfer (SFTP module) can lead to Authentication Bypass. This issue affects MOVEit Transfer: from 2023.0.0 before 2023.0.11, from 2023.1.0 before 2023.1.6, from 2024.0.0 before 2024.0.2. ..."

"Based on our AttackerKB [Rapid7 Analysis](https://attackerkb.com/topics/44EZLG2xgL/cve-2024-5806#rapid7-analysis), I have rated the exploitability as high, as an exploit can easily be implemented by modifying an existing SFTP library to trigger the auth bypass ..."

Link: https://attackerkb.com/assessments/b4dd0bda-ae2f-4ec2-992e-bea386861f29
New Rapid7 Analysis on AttackerKB topic: CVE-2024-5806

"On June 25, 2024 Progress Software published an [advisory](https://community.progress.com/s/article/MOVEit-Transfer-Product-Security-Alert-Bulletin-June-2024-CVE-2024-5806) for [CVE-2024-5806](https://www.cve.org/cverecord?id=CVE-2024-5806), an authentication bypass vulnerability affecting the SFTP module of MOVEit Transfer ..."

Link: https://attackerkb.com/topics/f83ee394-ee97-468b-bfa6-48e80210983d
New assessment for topic: CVE-2024-21762

Topic description: "An out-of-bounds write in Fortinet FortiOS versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.6, 7.0.0 through 7.0.13, 6.4.0 through 6.4.14, 6.2.0 through 6.2.15, 6.0.0 through 6.0.17, FortiProxy versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.8, 7.0.0 through 7.0.14, 2.0.0 through 2.0.13, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6, 1.0.0 through 1.0.7 allows attacker to execute unauthorized code or commands via specifically crafted requests ..."

"CVE-2024-21762 is a memory corruption vulnerability that affects a very wide range of FortiNet Firewalls ..."

Link: https://attackerkb.com/assessments/90bfe080-9e30-4248-8bfc-882ba39cef39
New assessment for topic: CVE-2024-26148

Topic description: "Querybook is a user interface for querying big data ..."

"Entered URL through Draft.js entity data (props.contentState.getEntity(props.entityKey).getData()) in querybook/webapp/lib/richtext/ index.tsx (line 13) misses validation of URL schema using Safelist ('http:', 'https:'), resulting in client-side XSS at <Link to={url} newTab> (line 15), enabling ACE when exploited. ..."

Link: https://attackerkb.com/assessments/4e765b62-7e23-42f7-a194-a9166d3ed70d
New assessment for topic: CVE-2024-25641

Topic description: "Cacti provides an operational monitoring and fault management framework ..."

"Cacti versions prior to 1.2.27 are [vulnerable](https://karmainsecurity.com/KIS-2024-04) to arbitrary file write that could lead to RCE ..."

Link: https://attackerkb.com/assessments/07c9b36e-09e6-4af9-bcee-447510ffbcdb
New assessment for topic: CVE-2024-29212

Topic description: "Due to an unsafe de-serialization method used by the Veeam Service Provider Console (VSPC) server in communication between the management agent and its components, under certain conditions, it is possible to perform Remote Code Execution (RCE) on the VSPC server machine. ..."

"This deserialization vulnerability piqued my interest after I saw it had received a ["patch reissue"](https://www.veeam.com/kb4575) a couple of weeks after it was initially patched ..."

Link: https://attackerkb.com/assessments/9a2c9fe5-eca6-44d9-9eb6-107acd44172a
New assessment for topic: CVE-2024-2389

Topic description: "In Flowmon versions prior to 11.1.14 and 12.3.5, an operating system command injection vulnerability has been identified.  An unauthenticated user can gain entry to the system via the Flowmon management interface, allowing for the execution of arbitrary system commands. ..."

"Progress Flowmon is a network performance monitoring and security solution developed by Progress Software ..."

Link: https://attackerkb.com/assessments/eac89c1b-f915-4cc4-be12-3c7e647408a1
New assessment for topic: CVE-2024-31077

Topic description: "Forminator prior to 1.29.3 contains a SQL injection vulnerability ..."

"Forminator WordPress plugin versions prior to 1.29.3 are vulnerable to SQL injection ..."

Link: https://attackerkb.com/assessments/3652f19f-55a2-4ba0-95ba-ff07a429c23d