AttackerKB bot (Unofficial)
New assessment for topic: CVE-2024-41874

Topic description: "ColdFusion versions 2023.9, 2021.15 and earlier are affected by a Deserialization of Untrusted Data vulnerability that could result in arbitrary code execution in the context of the current user ..."

"[CVE-2024-41874](https://helpx.adobe.com/security/products/coldfusion/apsb24-71.html) is described as a critical unauthenticated remote code execution vulnerability affecting Adobe ColdFusion ..."

Link: https://attackerkb.com/assessments/2093f32c-29b0-4a2f-b0a3-b38bb9e950c9
New assessment for topic: CVE-2024-36401

Topic description: "GeoServer is an open source server that allows users to share and edit geospatial data ..."

"[metadata only] ..."

Link: https://attackerkb.com/assessments/1621d3f4-5531-4bc9-a499-285f6e252c7b
New assessment for topic: CVE-2024-45519

Topic description: "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem ..."

"This is one of a [list of vulnerabilities](https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories) disclosed in Synacor's Zimbra Collaboration Suite recently — this particular issue lies in Zimbra's postjournal service and evidently allows for unauthenticated command execution ..."

Link: https://attackerkb.com/assessments/cdb2647d-620f-4987-aad5-477c0b0ac1ad
New assessment for topic: CVE-2023-25950

Topic description: "HTTP request/response smuggling vulnerability in HAProxy version 2.7.0, and 2.6.1 to 2.6.7 allows a remote attacker to alter a legitimate user's request ..."

"HAProxy's HTTP/3 implementation fails to block a **malformed HTTP header field name**, and **when deployed in front of a server that incorrectly processes this malformed header**, it may be used to conduct an HTTP request/response smuggling attack ..."

Link: https://attackerkb.com/assessments/410b285d-5724-4300-bcc4-603cc4c726ac
New assessment for topic: CVE-2024-47176

Topic description: "CUPS is a standards-based, open-source printing system, and `cups-browsed` contains network printing functionality including, but not limited to, auto-discovering print services and shared printers ..."

"On September 26, 2024, technical details of a four-vulnerability exploit chain affecting the Common UNIX Printing System (CUPS) [were disclosed](https://www.evilsocket.net/2024/09/26/Attacking-UNIX-systems-via-CUPS-Part-I/) ..."

Link: https://attackerkb.com/assessments/0db25c11-bd76-45d3-9338-4341b3da0e75
New assessment for topic: CVE-2024-45195

Topic description: "Direct Request ('Forced Browsing') vulnerability in Apache OFBiz. ..."

"[Apache OFBiz](https://ofbiz.apache.org/) is an open-source web-based enterprise resource planning and customer relationship management suite ..."

Link: https://attackerkb.com/assessments/33abbf06-f2b3-4792-9a9c-bca92ea20fd9
New assessment for topic: CVE-2024-7029

Topic description: "Commands can be injected over the network and executed without authentication. ..."

"**TL;DR:** Unpatched command injection vulnerability in an end-of-life IP camera, being exploited to drop a Mirai botnet malware variant ..."

Link: https://attackerkb.com/assessments/b1fb9ef3-b8b1-4bab-9942-179341ec4cbc
New assessment for topic: CVE-2023-45249

Topic description: "Remote command execution due to use of default passwords ..."

"On 24 July, Acronis published the security advisory [SEC-6452: Remote command execution due to use of default passwords](https://security-advisory.acronis.com/advisories/SEC-6452) where default passwords are exploited to gain admin access to the Acronis Cyber Infrastructure ..."

Link: https://attackerkb.com/assessments/11c1c3e7-7035-4201-85d8-100b3c567e5b
New assessment for topic: CVE-2023-42115

Topic description: "Exim AUTH Out-Of-Bounds Write Remote Code Execution Vulnerability ..."

" - Vulnerability Type: Service-specific security vulnerability ..."

Link: https://attackerkb.com/assessments/16ed4828-fca4-450f-a37e-882f1c766c8d
New assessment for topic: CVE-2024-44000

Topic description: "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem ..."

"CVE-2024-44000 is an unauthenticated account takeover vulnerability in LiteSpeed Cache, a WordPress plugin that currently has around 6 million active installations ..."

Link: https://attackerkb.com/assessments/5558a403-7673-4b3c-913b-f2ae6ddcc5fd