Unauthenticated CrushFTP Zero-Day Enables Complete Server Compromise
Rapid7 vulnerability researcher Ryan Emmons contributed to this blog. On Friday, April 19, 2024, managed file transfer vendor CrushFTP released information to a private mailing list on a new zero-day vulnerability affecting versions below 10.7.1 and 11.1.0 (as well as legacy 9.x versions) across...
10CVSS
10AI Score
0.966EPSS
The wpDiscuz plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Alternative Text' field of an uploaded image in all versions up to, and including, 7.6.15 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
6.4CVSS
5.7AI Score
0.0004EPSS
GitHub Comments Abused to Spread Malware in Fake Microsoft Repositories
By Deeba Ahmed Hackers are exploiting GitHub comments to spread malware disguised as Microsoft software downloads tricking users into downloading malware. This is a post from HackRead.com Read the original post: GitHub Comments Abused to Spread Malware in Fake Microsoft...
7.2AI Score
CrushFTP VFS - Sandbox Escape LFR
VFS Sandbox Escape in CrushFTP in all versions before 10.7.1 and 11.1.0 on all platforms allows remote attackers with low privileges to read files from the filesystem outside of VFS...
10CVSS
9.2AI Score
0.966EPSS
The Elespare – Build Your Blog, News & Magazine Websites with Expert-Designed Template Kits. One Click Import: No Coding Skills Required! plugin for WordPress is vulnerable to unauthorized post creation due to a missing capability check on the elespare_create_post() function hooked via AJAX in all....
4.3CVSS
4.4AI Score
0.0004EPSS
The Elespare – Build Your Blog, News & Magazine Websites with Expert-Designed Template Kits. One Click Import: No Coding Skills Required! plugin for WordPress is vulnerable to unauthorized post creation due to a missing capability check on the elespare_create_post() function hooked via AJAX in all....
4.3CVSS
6.5AI Score
0.0004EPSS
The Elespare – Build Your Blog, News & Magazine Websites with Expert-Designed Template Kits. One Click Import: No Coding Skills Required! plugin for WordPress is vulnerable to unauthorized post creation due to a missing capability check on the elespare_create_post() function hooked via AJAX in all....
4.3CVSS
4.7AI Score
0.0004EPSS
WP Social Comments < 1.7.4 - Missing Authorization via wpfc_allow_comments()
Description The WP Social Comments plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wpfc_allow_comments() function in all versions up to, and including, 1.7.3. This makes it possible for authenticated attackers, with subscriber-level.....
4.3CVSS
6.5AI Score
0.0004EPSS
10CVSS
9.8AI Score
0.957EPSS
dbt uses a SQLparse version with a high vulnerability
Summary Using a version of sqlparse that has a security vulnerability and no way to update in current version of dbt core. Snyk recommends using sqlparse==0.5 but this causes a conflict with dbt. Snyk states the issues is a recursion error: SNYK-PYTHON-SQLPARSE-6615674. Details Dependency conflict....
7.1AI Score
dbt uses a SQLparse version with a high vulnerability
Summary Using a version of sqlparse that has a security vulnerability and no way to update in current version of dbt core. Snyk recommends using sqlparse==0.5 but this causes a conflict with dbt. Snyk states the issues is a recursion error: SNYK-PYTHON-SQLPARSE-6615674. Details Dependency conflict....
7.1AI Score
A server side template injection vulnerability in CrushFTP in all versions before 10.7.1 and 11.1.0 on all platforms allows unauthenticated remote attackers to read files from the filesystem outside of the VFS Sandbox, bypass authentication to gain administrative access, and perform remote code...
10CVSS
10AI Score
0.966EPSS
A server side template injection vulnerability in CrushFTP in all versions before 10.7.1 and 11.1.0 on all platforms allows unauthenticated remote attackers to read files from the filesystem outside of the VFS Sandbox, bypass authentication to gain administrative access, and perform remote code...
CVE-2024-4040 Unauthenticated arbitrary file read and remote code execution in CrushFTP
A server side template injection vulnerability in CrushFTP in all versions before 10.7.1 and 11.1.0 on all platforms allows unauthenticated remote attackers to read files from the filesystem outside of the VFS Sandbox, bypass authentication to gain administrative access, and perform remote code...
9.8CVSS
10AI Score
0.966EPSS
Moby (Docker Engine) started with non-empty inheritable Linux process capabilities
Impact A bug was found in Moby (Docker Engine) where containers were incorrectly started with non-empty inheritable Linux process capabilities, creating an atypical Linux environment and enabling programs with inheritable file capabilities to elevate those capabilities to the permitted set during.....
5.9CVSS
7.5AI Score
0.001EPSS
Moby (Docker Engine) started with non-empty inheritable Linux process capabilities
Impact A bug was found in Moby (Docker Engine) where containers were incorrectly started with non-empty inheritable Linux process capabilities, creating an atypical Linux environment and enabling programs with inheritable file capabilities to elevate those capabilities to the permitted set during.....
5.9CVSS
7.5AI Score
0.001EPSS
@hoppscotch/cli affected by Sandbox Escape in @hoppscotch/js-sandbox leads to RCE
Observations The Hoppscotch desktop app takes multiple precautions to be secure against arbitrary JavaScript and system command execution. It does not render user-controlled HTML or Markdown, uses Tauri instead of Electron, and sandboxes pre-request scripts with a simple yet secure implementation.....
10CVSS
7.3AI Score
0.005EPSS
@hoppscotch/cli affected by Sandbox Escape in @hoppscotch/js-sandbox leads to RCE
Observations The Hoppscotch desktop app takes multiple precautions to be secure against arbitrary JavaScript and system command execution. It does not render user-controlled HTML or Markdown, uses Tauri instead of Electron, and sandboxes pre-request scripts with a simple yet secure implementation.....
10CVSS
9.7AI Score
0.005EPSS
LibreNMS vulnerable to a Time-Based Blind SQL injection leads to database extraction
Summary Get a valid API token, make sure you can access api functions, then replace string on my PoC code, Test on offical OVA image, it's a old version 23.9.1, but this vulerable is also exists on latest version 24.2.0 Details in file api_functions.php, line 307 for function list_devices ```php...
7.2CVSS
8.2AI Score
0.0004EPSS
LibreNMS vulnerable to a Time-Based Blind SQL injection leads to database extraction
Summary Get a valid API token, make sure you can access api functions, then replace string on my PoC code, Test on offical OVA image, it's a old version 23.9.1, but this vulerable is also exists on latest version 24.2.0 Details in file api_functions.php, line 307 for function list_devices ```php...
7.2CVSS
8.2AI Score
0.0004EPSS
Using Legitimate GitHub URLs for Malware
Interesting social-engineering attack vector: McAfee released a report on a new LUA malware loader distributed through what appeared to be a legitimate Microsoft GitHub repository for the "C++ Library Manager for Windows, Linux, and MacOS," known as vcpkg. The attacker is exploiting a property...
7.2AI Score
Billions of scraped Discord messages up for sale
Four billions public Discord messages are for sale on an internet scraping service called Spy.pet. At first sight there doesn’t seem to be much that is illegal about it. The messages were publicly accessible and there are no laws against scraping data. However, it turns out the site did disregard.....
6.8AI Score
Description The Elespare – Build Your Blog, News & Magazine Websites with Expert-Designed Template Kits. One Click Import: No Coding Skills Required! plugin for WordPress is vulnerable to unauthorized post creation due to a missing capability check on the elespare_create_post() function hooked via....
4.3CVSS
6.8AI Score
0.0004EPSS
7.4AI Score
ownCloud < 10.13.3 Improper Input Validation Vulnerability
ownCloud is prone to an improper input validation ...
7.3AI Score
EPSS
A server side template injection vulnerability in CrushFTP in all versions before 10.7.1 and 11.1.0 on all platforms allows unauthenticated remote attackers to read files from the filesystem outside of the VFS Sandbox, bypass authentication to gain administrative access, and perform remote code...
10CVSS
10AI Score
0.966EPSS
7.4AI Score
7.4AI Score
10CVSS
9.8AI Score
0.957EPSS
7.4AI Score
10CVSS
7.4AI Score
EPSS
7.4AI Score
7.4AI Score
7.4AI Score
Critical Update: CrushFTP Zero-Day Flaw Exploited in Targeted Attacks
Users of the CrushFTP enterprise file transfer software are being urged to update to the latest version following the discovery of a security flaw that has come under targeted exploitation in the wild. "CrushFTP v11 versions below 11.1 have a vulnerability where users can escape their VFS and...
10CVSS
10AI Score
0.966EPSS
[SECURITY] Fedora 40 Update: yyjson-0.9.0-1.fc40
A high performance JSON library written in ANSI C. Features - Fast: can read or write gigabytes per second JSON data on modern CPUs. - Portable: complies with ANSI C (C89) for cross-platform compatibility. - Strict: complies with RFC 8259 JSON standard, ensuring strict number format and UTF-8...
6.3AI Score
0.0004EPSS
@hono/node-server has Denial of Service risk when receiving Host header that cannot be parsed
Impact The application hangs when receiving a Host header with a value that @hono/node-server can't handle well. Invalid values are those that cannot be parsed by the URL as a hostname such as an empty string, slashes /, and other strings. For example, if you have a simple application: ```ts...
7.5CVSS
6.8AI Score
0.0004EPSS
@hono/node-server has Denial of Service risk when receiving Host header that cannot be parsed
Impact The application hangs when receiving a Host header with a value that @hono/node-server can't handle well. Invalid values are those that cannot be parsed by the URL as a hostname such as an empty string, slashes /, and other strings. For example, if you have a simple application: ```ts...
7.5CVSS
6.8AI Score
0.0004EPSS
Denial of Service Vulnerability in Rustls Library
Summary rustls::ConnectionCommon::complete_io could fall into an infinite loop based on network input. Details Verified at 0.22 and 0.23 rustls, but 0.21 and 0.20 release lines are also affected. tokio-rustls and rustls-ffi do not call complete_io and are not affected. rustls::Stream and...
7.5CVSS
7.3AI Score
0.0004EPSS
Denial of Service Vulnerability in Rustls Library
Summary rustls::ConnectionCommon::complete_io could fall into an infinite loop based on network input. Details Verified at 0.22 and 0.23 rustls, but 0.21 and 0.20 release lines are also affected. tokio-rustls and rustls-ffi do not call complete_io and are not affected. rustls::Stream and...
7.5CVSS
7.3AI Score
0.0004EPSS
How Attackers Can Own a Business Without Touching the Endpoint
Attackers are increasingly making use of "networkless" attack techniques targeting cloud apps and identities. Here's how attackers can (and are) compromising organizations – without ever needing to touch the endpoint or conventional networked systems and services. Before getting into the details...
7.5AI Score
Denial of Service in Comments API - ownCloud
Insufficient input validation in the Comments Plugin may allow an authenticated attacker to cause a Denial of...
6.8AI Score
EPSS
7.4AI Score
Oracle E-Business Suite (April 2024 CPU)
The versions of Oracle E-Business Suite installed on the remote host are affected by multiple vulnerabilities as referenced in the April 2024 CPU advisory. Vulnerability in the Oracle Workflow product of Oracle E-Business Suite (component: Admin Screens and Grants UI). Supported versions...
9.1CVSS
9.2AI Score
0.001EPSS
7.4AI Score
Wordfence Intelligence Weekly WordPress Vulnerability Report (April 8, 2024 to April 14, 2024)
Did you know we're running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through May 27th, 2024 when you opt to have Wordfence handle responsible disclosure! Last week, there were 219 vulnerabilities disclosed in 209...
8.8AI Score
EPSS
Missing Authorization vulnerability in GenialSouls WP Social Comments.This issue affects WP Social Comments: from n/a through...
4.3CVSS
6.8AI Score
0.0004EPSS
Missing Authorization vulnerability in GenialSouls WP Social Comments.This issue affects WP Social Comments: from n/a through...
4.3CVSS
4.7AI Score
0.0004EPSS
CVE-2024-32689 WordPress WP Social Comments plugin <= 1.7.3 - Broken Access Control vulnerability
Missing Authorization vulnerability in GenialSouls WP Social Comments.This issue affects WP Social Comments: from n/a through...
4.3CVSS
5AI Score
0.0004EPSS
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in extendWP Import Content in WordPress & WooCommerce with Excel allows Reflected XSS.This issue affects Import Content in WordPress & WooCommerce with Excel: from n/a through...
7.1CVSS
7AI Score
0.0004EPSS