1080 matches found

GithubExploit
added 2023/07/29 5:6 a.m. · 425 views

Exploit for Improper Authentication in Ivanti Endpoint_Manager_Mobile

CVE-2023-35078 Exploit POC CVE-2023-35078 Remote Unauthenticat...

10 CVSS · 9.8 AI score · 0.99999 EPSS
Exploits 14
The Hacker News
added 2023/07/29 4:27 a.m. · 69 views

Ivanti Warns of Another Endpoint Manager Mobile Vulnerability Under Active Attack

Ivanti has disclosed yet another security flaw impacting Endpoint Manager Mobile (EPMM), formerly known as MobileIron Core, that it said has been weaponized as part of an exploit chain by malicious actors in the wild. The new vulnerability, tracked as CVE-2023-35081 (CVSS score: 7.8), impacts support...

9.5 AI score · 0.99999 EPSS
Exploits 14
Rapid7 Blog
added 2023/07/26 4:45 p.m. · 109 views

CVE-2023-35078: Critical API Access Vulnerability in Ivanti Endpoint Manager Mobile

CVE-2023-35078 is a remote unauthenticated API access vulnerability in Ivanti Endpoint Manager Mobile, which was previously branded as MobileIron Core. The vulnerability has a CVSS v3 base score of 10.0 and has a severity rating of Critical. Ivanti has reported that they have received information...

7.5 CVSS · 8.8 AI score · 0.99999 EPSS
Exploits 14
The Hacker News
added 2023/07/25 3:51 a.m. · 64 views

Ivanti Releases Urgent Patch for EPMM Zero-Day Vulnerability Under Active Exploitation

Ivanti is warning users to update their Endpoint Manager Mobile (EPMM) mobile device management software (formerly MobileIron Core) to the latest version that fixes an actively exploited zero-day vulnerability. Dubbed CVE-2023-35078, the issue has been described as a remote unauthenticated API access...

6.4 AI score · 0.99999 EPSS
Exploits 14
Tenable Nessus
added 2023/07/25 12:0 a.m. · 39 views

Ivanti Endpoint Manager Mobile < 11.8.1.1 / 11.9.x < 11.9.1.1 / 11.10.x < 11.10.0.2 Remote Unauthenticated API Access (CVE-2023-35078)

The version of Ivanti Endpoint Manager Mobile, formerly MobileIron Core, running on the remote host is < 11.8.1.1, 11.9.x < 11.9.1.1, or 11.10.x < 11.10.0.2. It is, therefore, affected by an undisclosed unauthenticated API access vulnerability. Note that Nessus has not tested for the temporary RPM-base...

10 CVSS · 8.8 AI score · 0.99999 EPSS
Exploits 14 · References 3
RedHat Linux
added 2023/07/21 2:35 p.m. · 4 views

OpenJDK: improper handling of slash characters in URI-to-path conversion (8305312)

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 8u371, 8u371-perf, 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 20.3.10, 21.3.6,...

3.7 CVSS · 7.2 AI score · 0.01316 EPSS
Exploits 0 · References 4
NVD
added 2023/07/17 4:15 p.m. · 11 views

CVE-2023-3581

Mattermost fails to properly validate the origin of a websocket connection allowing a MITM attacker on Mattermost to access the websocket APIs...

8.1 CVSS · 0.00219 EPSS
Exploits 0 · References 1
Prion
added 2023/07/06 1:15 p.m. · 21 views

Design/Logic Flaw

Vulnerability of apps' permission to access a certain API being incompletely verified in the wireless projection module. Successful exploitation of this vulnerability may affect some wireless projection features...

5 CVSS · 5.2 AI score · 0.00255 EPSS
Exploits 0 · References 2 · Affected Software 2
Vulnrichment
added 2023/07/06 12:26 p.m. · 8 views

CVE-2023-37238

Vulnerability of apps' permission to access a certain API being incompletely verified in the wireless projection module. Successful exploitation of this vulnerability may affect some wireless projection features...

6.7 AI score · 0.00255 EPSS
Exploits 0 · References 2
Cvelist
added 2023/07/06 12:26 p.m. · 15 views

CVE-2023-37238

Vulnerability of apps' permission to access a certain API being incompletely verified in the wireless projection module. Successful exploitation of this vulnerability may affect some wireless projection features...

5.4 AI score · 0.00255 EPSS
Exploits 0 · References 2
OSV
added 2023/06/29 3:15 p.m. · 0 views

UBUNTU-CVE-2023-33466

Orthanc before 1.12.0 allows authenticated users with access to the Orthanc API to overwrite arbitrary files on the file system, and in specific deployment scenarios allows the attacker to overwrite the configuration, which can be exploited to trigger Remote Code Execution (RCE)...

8.8 CVSS · 7.4 AI score · 0.03098 EPSS
Exploits 0 · References 3
Positive Technologies
added 2023/06/25 12:0 a.m. · 3 views

PT-2023-5204 · Fortinet · Fortimanager +1

Name of the Vulnerable Software and Affected Versions: FortiManager versions 6.0 through 7.2.2 FortiAnalyzer versions 6.0 through 7.2.2 Description: The issue is related to improper privilege management, which may allow a remote and authenticated API admin user to access certain system settings,...

4.3 CVSS · 4.3 AI score · 0.00341 EPSS
Exploits 0 · References 6
HackRead
added 2023/06/20 12:22 p.m. · 23 views

The Reddit Files: Hackers Demand $4.5M Ransom and API Access Waiver

By Deeba Ahmed. The hackers from the infamous BlackCat ransomware gang (also known as ALPHV) have claimed to have stolen 80GB of data from Reddit. This is a post from HackRead.com. Read the original post: The Reddit Files: Hackers Demand $4.5M Ransom and API Access Waiver...

7 AI score
Exploits 0
Positive Technologies
added 2023/06/20 12:0 a.m. · 3 views

PT-2023-11588 · Unknown · Nucleus Cms

Name of the Vulnerable Software and Affected Versions: NucleusCMS version 3.71 Description: The issue allows a remote attacker to execute arbitrary code. This is achieved via the "https://example.com/nucleus/plugins/skinfiles/?dir=rsd" API endpoint, where the dir parameter is set to rsd...

9.8 CVSS · 7.7 AI score · 0.00974 EPSS
Exploits 1 · References 4
Vulnrichment
added 2023/06/16 8:55 a.m. · 9 views

CVE-2023-2787 Collapsed Reply Threads APIs leak message contents from private channels

Mattermost fails to check channel membership when accessing message threads, allowing an attacker to access arbitrary posts by using the message threads API...

6.5 CVSS · 6.9 AI score · 0.0054 EPSS
Exploits 0 · References 1
The Hacker News
added 2023/06/12 8:26 a.m. · 17 views

Password Reset Hack Exposed in Honda's E-Commerce Platform, Dealers Data at Risk

Security vulnerabilities discovered in Honda's e-commerce platform could have been exploited to gain unrestricted access to sensitive dealer information. "Broken/missing access controls made it possible to access all data on the platform, even when logged in as a test account," security researche...

7.3 AI score
Exploits 0
SUSE CVE
added 2023/06/08 2:33 a.m. · 3 views

SUSE CVE-2023-2183

Grafana is an open-source platform for monitoring and observability. The option to send a test alert is not available from the user panel UI for users having the Viewer role. It is still possible for a user with the Viewer role to send a test alert using the API as the API does not check access t...

4.1 CVSS · 9.4 AI score · 0.01027 EPSS
Exploits 1 · References 11
OSV
added 2023/06/06 7:15 p.m. · 4 views

UBUNTU-CVE-2023-2183

Grafana is an open-source platform for monitoring and observability. The option to send a test alert is not available from the user panel UI for users having the Viewer role. It is still possible for a user with the Viewer role to send a test alert using the API as the API does not check access t...

6.4 CVSS · 7.3 AI score · 0.01027 EPSS
Exploits 1 · References 4
Vulnrichment
added 2023/06/06 6:4 p.m. · 5 views

CVE-2023-2183

Grafana is an open-source platform for monitoring and observability. The option to send a test alert is not available from the user panel UI for users having the Viewer role. It is still possible for a user with the Viewer role to send a test alert using the API as the API does not check access t...

4.1 CVSS · 6.4 AI score · 0.01027 EPSS
Exploits 1 · References 3
Positive Technologies
added 2023/05/31 12:0 a.m. · 3 views

PT-2023-24427 · H3C · H3C Magic R300

Name of the Vulnerable Software and Affected Versions: H3C Magic R300 version R300-2100MV100R004 Description: A stack overflow issue was discovered via the SetAPWifiorLedInfoById interface at the "/goform/aspForm" API endpoint. Recommendations: For H3C Magic R300 version R300-2100MV100R004,...

7.2 CVSS · 7.3 AI score · 0.00933 EPSS
Exploits 0 · References 3