Posts
231
Following
Hidden
Followers
53
AttackerKB bot (Unofficial)
New assessment for topic: CVE-2022-24664

Topic description: "PHP Everywhere <= 2.0.3 included functionality that allowed execution of PHP Code Snippets via WordPress metaboxes, which could be used by any user able to edit posts. ..."

"A July 2024 bulletin from multiple U.S ..."

Link: https://attackerkb.com/assessments/b8155ecf-90f0-49bc-b6ca-4c605fd3e200
0
0
0
New assessment for topic: CVE-2022-24663

Topic description: "PHP Everywhere <= 2.0.3 included functionality that allowed execution of PHP Code Snippets via WordPress shortcodes, which can be used by any authenticated user. ..."

"A July 2024 bulletin from multiple U.S ..."

Link: https://attackerkb.com/assessments/f84de06a-d4b0-496a-a1b6-32583623c54e
0
0
0
New assessment for topic: CVE-2022-22947

Topic description: "In spring cloud gateway versions prior to 3.1.1+ and 3.0.7+ , applications are vulnerable to a code injection attack when the Gateway Actuator endpoint is enabled, exposed and unsecured ..."

"A July 2024 bulletin from multiple U.S ..."

Link: https://attackerkb.com/assessments/e35b4ffa-fff3-4d1e-a4df-af54aff6dd26
0
0
0
New assessment for topic: CVE-2022-22005

Topic description: "Microsoft SharePoint Server Remote Code Execution Vulnerability ..."

"A July 2024 bulletin from multiple U.S ..."

Link: https://attackerkb.com/assessments/bb544b28-0e48-40d5-9787-dc00a072d081
0
0
0
New assessment for topic: CVE-2022-21882

Topic description: "Win32k Elevation of Privilege Vulnerability ..."

"A July 2024 bulletin from multiple U.S ..."

Link: https://attackerkb.com/assessments/759bb95e-f4e9-4379-a578-228f447786cb
0
0
0
New assessment for topic: CVE-2022-24785

Topic description: "Moment.js is a JavaScript date library for parsing, validating, manipulating, and formatting dates ..."

"A July 2024 bulletin from multiple U.S ..."

Link: https://attackerkb.com/assessments/0879983d-d4b8-4864-be14-5dae200c3a40
0
0
0
New assessment for topic: CVE-2022-24990

Topic description: "TerraMaster NAS 4.2.29 and earlier allows remote attackers to discover the administrative password by sending "User-Agent: TNAS" to module/api.php?mobile/webNasIPS and then reading the PWD field in the response. ..."

"A July 2024 bulletin from multiple U.S ..."

Link: https://attackerkb.com/assessments/365cd645-8444-4197-af8b-f95c62d0a983
0
0
0
New assessment for topic: CVE-2021-45837

Topic description: "It is possible to execute arbitrary commands as root in Terramaster F4-210, F2-210 TOS 4.2.X (4.2.15-2107141517) by sending a specifically crafted input to /tos/index.php?app/del. ..."

"A July 2024 bulletin from multiple U.S ..."

Link: https://attackerkb.com/assessments/360fdb26-52f1-44b6-8d64-ca9b67e2bfc4
0
0
0
New assessment for topic: CVE-2022-25064

Topic description: "TP-LINK TL-WR840N(ES)_V6.20_180709 was discovered to contain a remote code execution (RCE) vulnerability via the function oal_wan6_setIpAddr. ..."

"A July 2024 bulletin from multiple U.S ..."

Link: https://attackerkb.com/assessments/8fab5317-8dd4-4b46-83f2-dde0ee6d0848
0
0
0
New assessment for topic: CVE-2022-30190

Topic description: "A remote code execution vulnerability exists when MSDT is called using the URL protocol from a calling application such as Word ..."

"A July 2024 bulletin from multiple U.S ..."

Link: https://attackerkb.com/assessments/9e4f2c9a-4bcb-43f0-bcf7-6b98d8d57f85
0
0
0
New assessment for topic: CVE-2022-41352

Topic description: "An issue was discovered in Zimbra Collaboration (ZCS) 8.8.15 and 9.0 ..."

"A July 2024 bulletin from multiple U.S ..."

Link: https://attackerkb.com/assessments/031d7723-9ba0-42e3-949e-0fd0023a328a
0
0
0
New assessment for topic: CVE-2022-27925

Topic description: "Zimbra Collaboration (aka ZCS) 8.8.15 and 9.0 has mboximport functionality that receives a ZIP archive and extracts files from it ..."

"A July 2024 bulletin from multiple U.S ..."

Link: https://attackerkb.com/assessments/ee3b517d-6f8c-4350-b3c4-94d6681a3def
0
0
0
New assessment for topic: CVE-2023-21932

Topic description: "Vulnerability in the Oracle Hospitality OPERA 5 Property Services product of Oracle Hospitality Applications (component: OXI) ..."

"A July 2024 bulletin from multiple U.S ..."

Link: https://attackerkb.com/assessments/03ea1594-bd67-4da4-952a-f17c6208f2fe
0
0
0
New assessment for topic: CVE-2023-25690

Topic description: "Some mod_proxy configurations on Apache HTTP Server versions 2.4.0 through 2.4.55 allow a HTTP Request Smuggling attack. ..."

"A July 2024 bulletin from multiple U.S ..."

Link: https://attackerkb.com/assessments/75c9ef37-d85e-4799-8471-f087cc754cd1
0
0
0
New assessment for topic: CVE-2023-27997

Topic description: "A heap-based buffer overflow vulnerability [CWE-122] in FortiOS version 7.2.4 and below, version 7.0.11 and below, version 6.4.12 and below, version 6.0.16 and below and FortiProxy version 7.2.3 and below, version 7.0.9 and below, version 2.0.12 and below, version 1.2 all versions, version 1.1 all versions SSL-VPN may allow a remote attacker to execute arbitrary code or commands via specifically crafted requests. ..."

"A July 2024 bulletin from multiple U.S ..."

Link: https://attackerkb.com/assessments/b526523b-c8b2-46b2-9bf5-1d69c9534281
0
0
0
New assessment for topic: CVE-2023-2868

Topic description: "A remote command injection vulnerability exists in the Barracuda Email Security Gateway (appliance form factor only) product effecting versions 5.1.3.001-9.2.0.006 ..."

"A July 2024 bulletin from multiple U.S ..."

Link: https://attackerkb.com/assessments/f48521ba-fe68-4383-b8df-4a76c6aecd3b
0
0
0
New assessment for topic: CVE-2023-28771

Topic description: "Improper error message handling in Zyxel ZyWALL/USG series firmware versions 4.60 through 4.73, VPN series firmware versions 4.60 through 5.35, USG FLEX series firmware versions 4.60 through 5.35, and ATP series firmware versions 4.60 through 5.35, which could allow an unauthenticated attacker to execute some OS commands remotely by sending crafted packets to an affected device. ..."

"A July 2024 bulletin from multiple U.S ..."

Link: https://attackerkb.com/assessments/ba03c205-10cf-4274-bc51-4044b3fd471b
0
0
0
New assessment for topic: CVE-2023-33010

Topic description: "A buffer overflow vulnerability in the ID processing function in Zyxel ATP series firmware versions 4.32 through 5.36 Patch 1, USG FLEX series firmware versions 4.50 through 5.36 Patch 1, USG FLEX 50(W) firmware versions 4.25 through 5.36 Patch 1, USG20(W)-VPN firmware versions 4.25 through 5.36 Patch 1, VPN series firmware versions 4.30 through 5.36 Patch 1, ZyWALL/USG series firmware versions 4.25 through 4.73 Patch 1, could allow an unauthenticated attacker to cause denial-of-service (DoS) conditions and even a remote code execution on an affected device. ..."

"A July 2024 bulletin from multiple U.S ..."

Link: https://attackerkb.com/assessments/77f196ee-1ff3-4fa0-90ca-4d8e0ecf55db
0
0
0
New assessment for topic: CVE-2023-3079

Topic description: "Type confusion in V8 in Google Chrome prior to 114.0.5735.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page ..."

"A July 2024 bulletin from multiple U.S ..."

Link: https://attackerkb.com/assessments/de3d77c0-5856-446c-8acc-df8c0f2681cf
0
0
0
New assessment for topic: CVE-2023-32315

Topic description: "Openfire is an XMPP server licensed under the Open Source Apache License ..."

"A July 2024 bulletin from multiple U.S ..."

Link: https://attackerkb.com/assessments/d1d84de3-4abd-4d3d-bad1-6a9f798a615c
0
0
0
Show older