Lucene search

K

Enable SVG, WebP & ICO Upload Security Vulnerabilities

cve
cve

CVE-2024-34060

IrisEVTXModule is an interface module for Evtx2Splunk and Iris in order to ingest Microsoft EVTX log files. The iris-evtx-module is a pipeline plugin of iris-web that processes EVTX files through IRIS web application. During the upload of an EVTX through this pipeline, the filename is not safely...

8.8CVSS

7.9AI Score

0.0004EPSS

2024-05-23 12:15 PM
58
cvelist
cvelist

CVE-2024-34060 Arbitrary File Write in IRIS EVTX Pipeline

IrisEVTXModule is an interface module for Evtx2Splunk and Iris in order to ingest Microsoft EVTX log files. The iris-evtx-module is a pipeline plugin of iris-web that processes EVTX files through IRIS web application. During the upload of an EVTX through this pipeline, the filename is not safely...

8.8CVSS

9.2AI Score

0.0004EPSS

2024-05-23 12:01 PM
vulnrichment
vulnrichment

CVE-2024-34060 Arbitrary File Write in IRIS EVTX Pipeline

IrisEVTXModule is an interface module for Evtx2Splunk and Iris in order to ingest Microsoft EVTX log files. The iris-evtx-module is a pipeline plugin of iris-web that processes EVTX files through IRIS web application. During the upload of an EVTX through this pipeline, the filename is not safely...

8.8CVSS

8.1AI Score

0.0004EPSS

2024-05-23 12:01 PM
thn
thn

Ivanti Patches Critical Remote Code Execution Flaws in Endpoint Manager

Ivanti on Tuesday rolled out fixes to address multiple critical security flaws in Endpoint Manager (EPM) that could be exploited to achieve remote code execution under certain circumstances. Six of the 10 vulnerabilities – from CVE-2024-29822 through CVE-2024-29827 (CVSS scores: 9.6) – relate to...

9.9CVSS

9.8AI Score

0.001EPSS

2024-05-23 09:21 AM
1
cve
cve

CVE-2024-2038

The Visual Website Collaboration, Feedback & Project Management – Atarim plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 3.22.6. This is due to the use of hardcoded credentials to authenticate all the incoming API requests. This makes it possible for....

7.5CVSS

6.7AI Score

0.0004EPSS

2024-05-23 07:15 AM
50
nvd
nvd

CVE-2024-2038

The Visual Website Collaboration, Feedback & Project Management – Atarim plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 3.22.6. This is due to the use of hardcoded credentials to authenticate all the incoming API requests. This makes it possible for....

7.5CVSS

7.6AI Score

0.0004EPSS

2024-05-23 07:15 AM
1
cvelist
cvelist

CVE-2024-2038 Visual Website Collaboration, Feedback & Project Management – Atarim <= 3.22.6 - Hardcoded Credentials

The Visual Website Collaboration, Feedback & Project Management – Atarim plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 3.22.6. This is due to the use of hardcoded credentials to authenticate all the incoming API requests. This makes it possible for....

7.5CVSS

7.6AI Score

0.0004EPSS

2024-05-23 06:46 AM
1
thn
thn

The End of an Era: Microsoft Phases Out VBScript for JavaScript and PowerShell

Microsoft on Wednesday outlined its plans to deprecate Visual Basic Script (VBScript) in the second half of 2024 in favor of more advanced alternatives such as JavaScript and PowerShell. "Technology has advanced over the years, giving rise to more powerful and versatile scripting languages such as....

6.3AI Score

2024-05-23 05:33 AM
1
nessus
nessus

RHEL 8 : exempi (RHSA-2024:3066)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3066 advisory. Exempi provides a library for easy parsing of XMP metadata. Security Fix(es): * exempi: denial of service via opening of crafted audio file...

6.5CVSS

6.8AI Score

0.001EPSS

2024-05-23 12:00 AM
3
nessus
nessus

Apache Tomcat 8.5.0 < 8.5.51 multiple vulnerabilities

The version of Tomcat installed on the remote host is prior to 8.5.51. It is, therefore, affected by multiple vulnerabilities as referenced in the fixed_in_apache_tomcat_8.5.51_security-8 advisory. When using the Apache JServ Protocol (AJP), care must be taken when trusting incoming connections...

9.8CVSS

7.9AI Score

0.974EPSS

2024-05-23 12:00 AM
2
openvas

7.3AI Score

EPSS

2024-05-23 12:00 AM
5
nessus
nessus

Apache Tomcat 7.0.0 < 7.0.100 multiple vulnerabilities

The version of Tomcat installed on the remote host is prior to 7.0.100. It is, therefore, affected by multiple vulnerabilities as referenced in the fixed_in_apache_tomcat_7.0.100_security-7 advisory. When using the Apache JServ Protocol (AJP), care must be taken when trusting incoming connections.....

9.8CVSS

7.9AI Score

0.974EPSS

2024-05-23 12:00 AM
3
wpvulndb
wpvulndb

Hash Form – Drag & Drop Form Builder < 1.1.1 - Unauthenticated Arbitrary File Upload to Remote Code Execution

Description The Hash Form – Drag & Drop Form Builder plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'file_upload_action' function in all versions up to, and including, 1.1.0. This makes it possible for unauthenticated attackers to upload...

9.8CVSS

8AI Score

0.035EPSS

2024-05-23 12:00 AM
3
nessus
nessus

Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.10 : VLC vulnerabilities (USN-6783-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6783-1 advisory. It was discovered that VLC incorrectly handled certain media files. A remote attacker could possibly use ...

9.8CVSS

8.4AI Score

0.001EPSS

2024-05-23 12:00 AM
2
openvas
openvas

Roundcube Webmail < 1.5.7, 1.6.x < 1.6.7 Multiple Vulnerabilities - Linux

Roundcube Webmail is prone to multiple...

7.3AI Score

EPSS

2024-05-23 12:00 AM
5
metasploit
metasploit

Cacti Import Packages RCE

This exploit module leverages an arbitrary file write vulnerability (CVE-2024-25641) in Cacti versions prior to 1.2.27 to achieve RCE. It abuses the Import Packages feature to upload a specially crafted package that embeds a PHP file. Cacti will extract this file to an accessible location. The...

9.1CVSS

9.5AI Score

0.002EPSS

2024-05-22 03:38 PM
5
thn
thn

Researchers Warn of Chinese-Aligned Hackers Targeting South China Sea Countries

Cybersecurity researchers have disclosed details of a previously undocumented threat group called Unfading Sea Haze that's believed to have been active since 2018. The intrusion singled out high-level organizations in South China Sea countries, particularly military and government targets,...

7.8AI Score

2024-05-22 02:15 PM
1
malwarebytes
malwarebytes

Microsoft AI &#8220;Recall&#8221; feature records everything, secures far less

Developing an AI-powered threat to security, privacy, and identity is certainly a choice, but it's one that Microsoft was willing to make this week at its “Build” developer conference. On Monday, the computing giant unveiled a new line of PCs that integrate Artificial Intelligence (AI) technology.....

6.8AI Score

2024-05-22 09:14 AM
8
redhat
redhat

(RHSA-2024:3066) Moderate: exempi security update

Exempi provides a library for easy parsing of XMP metadata. Security Fix(es): exempi: denial of service via opening of crafted audio file with ID3V2 frame (CVE-2020-18651) exempi: denial of service via opening of crafted webp file (CVE-2020-18652) For more details about the security...

7.2AI Score

0.001EPSS

2024-05-22 06:35 AM
3
nvd
nvd

CVE-2024-0452

The AI ChatBot plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the openai_file_upload_callback function in all versions up to, and including, 5.3.4. This makes it possible for authenticated attackers, with subscriber-level access and...

5CVSS

5.3AI Score

0.001EPSS

2024-05-22 04:15 AM
cve
cve

CVE-2024-0452

The AI ChatBot plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the openai_file_upload_callback function in all versions up to, and including, 5.3.4. This makes it possible for authenticated attackers, with subscriber-level access and...

5CVSS

6.4AI Score

0.001EPSS

2024-05-22 04:15 AM
24
vulnrichment
vulnrichment

CVE-2024-0452 AI ChatBot <= 5.3.4 - Missing Authorization via openai_file_upload_callback

The AI ChatBot plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the openai_file_upload_callback function in all versions up to, and including, 5.3.4. This makes it possible for authenticated attackers, with subscriber-level access and...

5CVSS

6.5AI Score

0.001EPSS

2024-05-22 03:17 AM
1
cvelist
cvelist

CVE-2024-0452 AI ChatBot <= 5.3.4 - Missing Authorization via openai_file_upload_callback

The AI ChatBot plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the openai_file_upload_callback function in all versions up to, and including, 5.3.4. This makes it possible for authenticated attackers, with subscriber-level access and...

5CVSS

5.2AI Score

0.001EPSS

2024-05-22 03:17 AM
zdi
zdi

NETGEAR ProSAFE Network Management System UpLoadServlet Unrestricted File Upload Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of NETGEAR ProSAFE Network Management System. Authentication is required to exploit this vulnerability. The specific flaw exists within the UpLoadServlet class. The issue results from the lack of proper.....

7.8AI Score

0.0005EPSS

2024-05-22 12:00 AM
4
osv
osv

Moderate: exempi security update

Exempi provides a library for easy parsing of XMP metadata. Security Fix(es): exempi: denial of service via opening of crafted audio file with ID3V2 frame (CVE-2020-18651) exempi: denial of service via opening of crafted webp file (CVE-2020-18652) For more details about the security issue(s),...

6.5CVSS

6.7AI Score

0.001EPSS

2024-05-22 12:00 AM
almalinux
almalinux

Moderate: exempi security update

Exempi provides a library for easy parsing of XMP metadata. Security Fix(es): exempi: denial of service via opening of crafted audio file with ID3V2 frame (CVE-2020-18651) exempi: denial of service via opening of crafted webp file (CVE-2020-18652) For more details about the security issue(s),...

6.5CVSS

6.8AI Score

0.001EPSS

2024-05-22 12:00 AM
nessus
nessus

FreeBSD : Roundcube -- Cross-site scripting vulnerabilities (e020b0fd-1751-11ef-a490-84a93843eb75)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the e020b0fd-1751-11ef-a490-84a93843eb75 advisory. The Roundcube project reports: cross-site scripting (XSS) vulnerability in handling SVG ...

6.2AI Score

2024-05-22 12:00 AM
3
ubuntu
ubuntu

VLC vulnerabilities

Releases Ubuntu 23.10 Ubuntu 22.04 LTS Ubuntu 20.04 LTS Ubuntu 18.04 ESM Ubuntu 16.04 ESM Packages vlc - multimedia player and streamer Details It was discovered that VLC incorrectly handled certain media files. A remote attacker could possibly use this issue to cause VLC to crash, resulting...

9.8CVSS

7.8AI Score

0.001EPSS

2024-05-22 12:00 AM
2
nessus
nessus

CentOS 8 : exempi (CESA-2024:3066)

The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2024:3066 advisory. Buffer Overflow vulnerability in function ID3_Support::ID3v2Frame::getFrameValue in exempi 2.5.0 and earlier allows remote attackers to cause a...

6.5CVSS

6.9AI Score

0.001EPSS

2024-05-22 12:00 AM
1
nvd
nvd

CVE-2024-33525

A Stored Cross-site Scripting (XSS) vulnerability in the "Import of organizational units and title of organizational unit" feature in ILIAS 7.20 to 7.29 and ILIAS 8.4 to 8.10 as well as ILIAS 9.0 allows remote authenticated attackers with administrative privileges to inject arbitrary web script or....

5.2AI Score

EPSS

2024-05-21 07:15 PM
1
cve
cve

CVE-2024-33525

A Stored Cross-site Scripting (XSS) vulnerability in the "Import of organizational units and title of organizational unit" feature in ILIAS 7.20 to 7.29 and ILIAS 8.4 to 8.10 as well as ILIAS 9.0 allows remote authenticated attackers with administrative privileges to inject arbitrary web script or....

5.4AI Score

EPSS

2024-05-21 07:15 PM
36
cve
cve

CVE-2024-33528

A Stored Cross-site Scripting (XSS) vulnerability in ILIAS 7 before 7.30 and ILIAS 8 before 8.11 allows remote authenticated attackers with tutor privileges to inject arbitrary web script or HTML via XML file...

5.4AI Score

EPSS

2024-05-21 03:15 PM
36
nvd
nvd

CVE-2024-33527

A Stored Cross-site Scripting (XSS) vulnerability in the "Import of Users and login name of user" feature in ILIAS 7 before 7.30 and ILIAS 8 before 8.11 allows remote authenticated attackers with administrative privileges to inject arbitrary web script or HTML via XML file...

5.2AI Score

EPSS

2024-05-21 03:15 PM
cve
cve

CVE-2024-33527

A Stored Cross-site Scripting (XSS) vulnerability in the "Import of Users and login name of user" feature in ILIAS 7 before 7.30 and ILIAS 8 before 8.11 allows remote authenticated attackers with administrative privileges to inject arbitrary web script or HTML via XML file...

5.3AI Score

EPSS

2024-05-21 03:15 PM
34
nvd
nvd

CVE-2024-33528

A Stored Cross-site Scripting (XSS) vulnerability in ILIAS 7 before 7.30 and ILIAS 8 before 8.11 allows remote authenticated attackers with tutor privileges to inject arbitrary web script or HTML via XML file...

5.2AI Score

EPSS

2024-05-21 03:15 PM
cve
cve

CVE-2024-33526

A Stored Cross-site Scripting (XSS) vulnerability in the "Import of user role and title of user role" feature in ILIAS 7 before 7.30 and ILIAS 8 before 8.11 allows remote authenticated attackers with administrative privileges to inject arbitrary web script or HTML via XML file...

5.4AI Score

EPSS

2024-05-21 03:15 PM
35
nvd
nvd

CVE-2024-33526

A Stored Cross-site Scripting (XSS) vulnerability in the "Import of user role and title of user role" feature in ILIAS 7 before 7.30 and ILIAS 8 before 8.11 allows remote authenticated attackers with administrative privileges to inject arbitrary web script or HTML via XML file...

5.2AI Score

EPSS

2024-05-21 03:15 PM
github
github

Gradio applications running locally vulnerable to 3rd party websites accessing routes and uploading files

Impact This CVE covers the ability of 3rd party websites to access routes and upload files to users running Gradio applications locally. For example, the malicious owners of www.dontvisitme.com could put a script on their website that uploads a large file to http://localhost:7860/upload and...

4.3CVSS

6.9AI Score

0.0004EPSS

2024-05-21 02:43 PM
2
osv
osv

Gradio applications running locally vulnerable to 3rd party websites accessing routes and uploading files

Impact This CVE covers the ability of 3rd party websites to access routes and upload files to users running Gradio applications locally. For example, the malicious owners of www.dontvisitme.com could put a script on their website that uploads a large file to http://localhost:7860/upload and...

4.3CVSS

6.6AI Score

0.0004EPSS

2024-05-21 02:43 PM
3
kitploit
kitploit

Vger - An Interactive CLI Application For Interacting With Authenticated Jupyter Instances

V'ger is an interactive command-line application for post-exploitation of authenticated Jupyter instances with a focus on AI/ML security operations. User Stories As a Red Teamer, you've found Jupyter credentials, but don't know what you can do with them. V'ger is organized in a format that should.....

7.5AI Score

2024-05-21 12:30 PM
5
veracode
veracode

Unrestricted File Upload

drupal/core is vulnerable to Unrestricted File Upload. The vulnerability is caused by the failure to properly sanitize filenames within the file_save_upload() function. This allows an attacker to potentially upload malicious system files, such as...

7AI Score

2024-05-21 06:12 AM
1
nessus
nessus

openSUSE 15 Security Update : python-Pillow (SUSE-SU-2024:1673-1)

The remote openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1673-1 advisory. In Pillow before 8.1.0, TiffDecode has a heap-based buffer overflow when decoding crafted YCbCr files because of certain interpretation...

9.8CVSS

8AI Score

0.007EPSS

2024-05-21 12:00 AM
2
trellix
trellix

Detecting and Visualizing Lateral Movement Attacks with Trellix XDR - Part 2

Detecting and Visualizing Lateral Movement Attacks with Trellix XDR - Part 2 By Chintan Shah, Maulik Maheta · May 21, 2024 Executive summary In the part 1 of this series we discussed in depth about the known Lateral movement attacks like abusing weak service permissions (T1574.011), NTDS.dit file.....

7.9AI Score

2024-05-21 12:00 AM
7
nessus
nessus

Palo Alto PAN-OS GlobalProtect Remote Code Execution

Palo Alto PAN-OS versions 11.1.x &lt; 11.1.0-h3 / 11.1.1-h1 / 11.1.2-h3, 11.0.x &lt; 11.0.0-h3 / 11.0.1-h4 / 11.0.2-h4 / 11.0.3-h10 / 11.0.4-h1, 10.2.x &lt; 10.2.0-h3 / 10.2.1-h2 / 10.2.2-h5 / 10.2.3-h13 / 10.2.4-h16 / 10.2.5-h6 / 10.2.6-h3 / 10.2.7-h8 / 10.2.8-h3 / 10.2.9-h1 suffer from an arbitra...

8.3AI Score

2024-05-21 12:00 AM
8
wpvulndb
wpvulndb

AI ChatBot < 5.3.6 - Missing Authorization via openai_file_upload_callback

Description The AI ChatBot plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the openai_file_upload_callback function in all versions up to, and including, 5.3.4. This makes it possible for authenticated attackers, with subscriber-level...

5CVSS

6.5AI Score

0.001EPSS

2024-05-21 12:00 AM
3
cve
cve

CVE-2024-5145

A vulnerability was found in SourceCodester Vehicle Management System up to 1.0 and classified as critical. This issue affects some unknown processing of the file /newdriver.php of the component HTTP POST Request Handler. The manipulation of the argument file leads to unrestricted upload. The...

6.3CVSS

6.9AI Score

0.0004EPSS

2024-05-20 11:15 PM
31
nvd
nvd

CVE-2024-5145

A vulnerability was found in SourceCodester Vehicle Management System up to 1.0 and classified as critical. This issue affects some unknown processing of the file /newdriver.php of the component HTTP POST Request Handler. The manipulation of the argument file leads to unrestricted upload. The...

6.3CVSS

6.5AI Score

0.0004EPSS

2024-05-20 11:15 PM
cvelist
cvelist

CVE-2024-5145 SourceCodester Vehicle Management System HTTP POST Request newdriver.php unrestricted upload

A vulnerability was found in SourceCodester Vehicle Management System up to 1.0 and classified as critical. This issue affects some unknown processing of the file /newdriver.php of the component HTTP POST Request Handler. The manipulation of the argument file leads to unrestricted upload. The...

6.3CVSS

6.5AI Score

0.0004EPSS

2024-05-20 10:31 PM
osv
osv

Passbolt API Stored XSS on first/last name during setup

Description An administrator can craft a user with a malicious first name and last name, using a payload such as &lt;svg onload="confirm(document.domain)"&gt;'); ?&gt;&lt;/svg&gt; The user will then receive the invitation email and click on the setup link. The setup start page served by the server ...

6.9AI Score

2024-05-20 05:07 PM
3
github
github

Passbolt API Stored XSS on first/last name during setup

Description An administrator can craft a user with a malicious first name and last name, using a payload such as &lt;svg onload="confirm(document.domain)"&gt;'); ?&gt;&lt;/svg&gt; The user will then receive the invitation email and click on the setup link. The setup start page served by the server ...

6.9AI Score

2024-05-20 05:07 PM
3
Total number of security vulnerabilities68524