KDDI CORPORATION, NTT DOCOMO, INC., And SoftBank Corp. Security Vulnerabilities

openvas

VioStor NVR and QNAP NAS RCE Vulnerability

VioStor NVR firmware version 4.0.3 and possibly earlier versions and QNAP NAS with the Surveillance Station Pro activated contain scripts which could allow any user, e.g. guest users, to execute scripts which run with administrative privileges. It is possible to execute code on the webserver...

7.2 AI Score

0.055 EPSS

2013-06-07 12:00 AM
10
githubexploit

Exploit for Out-of-bounds Write in Kingsoft Internet Security 9 Plus

CVE-2022-25949 A years-old exploit of a local EoP...

7.8 CVSS

7.7 AI Score

0.001 EPSS

2022-03-16 02:42 PM
442
openvas

WSO2 Identity Server CSRF And XXE Vulnerabilities

WSO2 Identity Server is prone to an XML external entity (XXE) ...

8.8 CVSS

8 AI Score

0.021 EPSS

2016-10-10 12:00 AM
41
nessus

Intel Memory And Storage Tool Installed (Windows)

Intel Memory and Storage Tool is installed on the remote Windows...

7.5 AI Score

2024-02-16 12:00 AM
3
nessus

Rockwell FactoryTalk Product and Version Enumeration (Windows)

Rockwell FactoryTalk products are installed on the remote Windows host. This plugin provides a best guess at the software version. Note that the versions detected here do not necessarily indicate the actual installed version nor do they necessarily mean that the application is actually installed on the remote.....

7.3 AI Score

2023-12-18 12:00 AM
3
nessus

Sophos Anti-Virus Detection and Status (Linux)

Sophos Anti-Virus for Linux, a commercial antivirus software package, is installed on the remote host. However, there is a problem with the installation; either its services are not running or its engine and/or virus definitions are out of...

2.5 AI Score

2020-02-25 12:00 AM
15
openvas

ocPortal Arbitrary File Disclosure and XSS Vulnerabilities

ocPortal is prone to multiple cross-site scripting vulnerabilities and an arbitrary file-disclosure vulnerability because the application fails to sufficiently sanitize user-supplied...

6.2 AI Score

0.007 EPSS

2012-04-03 12:00 AM
18
wpvulndb

Post Grid Gutenberg Blocks and WordPress Blog Plugin – PostX < 4.1.2 - Authenticated (Author+) Stored Cross-Site Scripting

Description The Post Grid Gutenberg Blocks and WordPress Blog Plugin – PostX plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's file uploading feature in all versions up to, and including, 4.1.1 due to insufficient input sanitization and output escaping. This makes.....

6.4 CVSS

5.7 AI Score

0.001 EPSS

2024-05-29 12:00 AM
2
oraclelinux

libvirt security and bug fix update

[10.0.0-6.2.0.1] - Set SOURCE_DATE_EPOCH from changelog [Orabug: 32019554] [10.0.0-6.2.el9_4] - qemu: Fix migration with custom XML (RHEL-32654) [10.0.0-6.1.el9_4] - Fix off-by-one error in udevListInterfacesByStatus (CVE-2024-1441, RHEL-25081) - remote: check for negative array lengths before...

6.2 CVSS

8.3 AI Score

0.001 EPSS

2024-05-07 12:00 AM
8
openvas

WeBid Remote File Include and SQLi Vulnerabilities

WeBid is prone to a remote file-include issue and an SQL injection (SQLi) ...

8.4 AI Score

2012-08-20 12:00 AM
7
ibm

Security Bulletin: A vulnerability in IBM Java affects IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products

Summary A vulnerability in IBM® Runtime Environment Java™ Technology Edition affects the product's management GUI. The Command Line Interface is unaffected. Vulnerability Details CVEID: CVE-2023-30441 DESCRIPTION: IBM Runtime Environment, Java Technology Edition IBMJCEPlus and JSSE 8.0.7.0...

7.5 CVSS

5.8 AI Score

0.002 EPSS

2024-04-30 04:44 PM
29
trendmicroblog

Attackers in Profile: menuPass and ALPHV/BlackCat

To test the effectiveness of managed services like our Trend Micro managed detection and response offering, MITRE Engenuity™ combined the tools, techniques, and practices of two globally notorious bad actors: menuPass and ALPHV/BlackCat. This blog tells the story of why they were chosen and what...

7.3 AI Score

2024-06-26 12:00 AM
1
osv

CVE-2023-4226

Unrestricted file upload in /main/inc/ajax/work.ajax.php in Chamilo LMS <= v1.11.24 allows authenticated attackers with learner role to obtain remote code execution via uploading of PHP...

8.8 CVSS

9 AI Score

0.002 EPSS

2023-11-28 08:15 AM
8
ibm

Security Bulletin: A vulnerability in Transparent Cloud Tiering affects IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products

Summary A vulnerability in netty-codec-http affects the Transparent Cloud Tiering function in IBM Storage Virtualize products. Most systems do not have Transparent Cloud Tiering configured. You can confirm by running the lsvolumebackup CLI command - if there is no output, then this feature is not.....

5.3 CVSS

6 AI Score

0.0004 EPSS

2024-06-19 10:43 AM
6
nessus

IBM MQ Server and Client Installed (Linux)

IBM MQ (formerly IBM WebSphere MQ) message queuing server or related client software is installed on the remote Linux...

1.1 AI Score

2020-12-29 12:00 AM
21
openvas

Joomla! JooProperty Component SQLi and XSS Vulnerabilities

The JooProperty component for Joomla! is prone to an SQL injection (SQLi) vulnerability and a cross-site scripting (XSS) vulnerability because it fails to properly sanitize user-supplied...

6.4 AI Score

2012-12-12 12:00 AM
10
openvas

Joomla Jomdirectory and Advert Components SQLi Vulnerabilities

Joomla with Jomdirectory and/or Advert components is prone to SQL injection...

8.4 AI Score

2012-01-25 12:00 AM
11
osv

silverstripe/framework vulnerable to user enumeration via timing attack on login and password reset forms

User enumeration is possible by performing a timing attack on the login or password reset pages with user...

7.3 AI Score

2024-05-27 09:45 PM
osv

Consul JWT Auth in L7 Intentions Allow for Mismatched Service Identity and JWT Providers in github.com/hashicorp/consul

Consul JWT Auth in L7 Intentions Allow for Mismatched Service Identity and JWT Providers in...

7.4 CVSS

6.3 AI Score

0.0005 EPSS

2024-06-04 03:19 PM
9
osv

Moderate: mod_jk and mod_proxy_cluster security update

The mod_jk module is a plugin for the Apache HTTP Server to connect it with the Apache Tomcat servlet engine. The mod_proxy_cluster module is a plugin for the Apache HTTP Server that provides load-balancer functionality. Security Fix(es): httpd: Apache Tomcat Connectors (mod_jk) Information...

7.5 CVSS

9.2 AI Score

0.001 EPSS

2024-04-30 12:00 AM
4
cvelist

CVE-2024-37131

SCG Policy Manager, all versions, contains an overly permissive Cross-Origin Resource Policy (CORP) vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to the execution of malicious actions on the application in the context of the authenticated...

7.5 CVSS

0.0004 EPSS

2024-06-13 02:35 PM
4
osv

Grafana Data source and plugin proxy endpoints could leak the authentication cookie to some destination plugins in github.com/grafana/grafana

Grafana Data source and plugin proxy endpoints could leak the authentication cookie to some destination plugins in...

7.5 CVSS

7.5 AI Score

0.001 EPSS

2024-06-10 04:39 PM
2
github

silverstripe/framework vulnerable to user enumeration via timing attack on login and password reset forms

User enumeration is possible by performing a timing attack on the login or password reset pages with user...

7.3 AI Score

2024-05-27 09:45 PM
6
cvelist

CVE-2023-45195 Adminer and AdminerEvo SSRF

Adminer and AdminerEvo are vulnerable to SSRF via database connection fields. This could allow an unauthenticated remote attacker to enumerate or access systems the attacker would not otherwise have access to. Adminer is no longer supported, but this issue was fixed in AdminerEvo version...

0.0004 EPSS

2024-06-24 09:06 PM
nessus

IBM DB2 and DB2 Connect Detection (credentialed)

IBM DB2 or DB2 Connect, an enterprise database solution, is installed on the remote...

1.3 AI Score

2013-10-16 12:00 AM
20
openvas

CactuShop XSS and SQL injection flaws

The remote host runs CactuShop, an e-commerce web application written in ASP. The remote version of this software is vulnerable to cross-site scripting due to a lack of sanitization of user-supplied data in the...

6.4 AI Score

0.011 EPSS

2005-11-03 12:00 AM
28
cve

CVE-2024-37131

SCG Policy Manager, all versions, contains an overly permissive Cross-Origin Resource Policy (CORP) vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to the execution of malicious actions on the application in the context of the authenticated...

7.5 CVSS

7.1 AI Score

0.0004 EPSS

2024-06-13 03:15 PM
20
wpvulndb

Tutor LMS – eLearning and online course solution < 2.7.2 - Authenticated (Instructor+) Insecure Direct Object Reference to Arbitrary Quiz Attempt Deletion

Description The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.7.1 via the 'attempt_delete' function due to missing validation on a user controlled key. This makes it possible for...

4.3 CVSS

6.6 AI Score

0.001 EPSS

2024-06-07 12:00 AM
1
nessus

Oracle RDBMS Host Name and Patch Info

Nessus was able, using the supplied credentials, to query the remote Oracle RDBMS and determine the system hostname and database patch...

1.4 AI Score

2010-04-26 12:00 AM
47
redhat

(RHSA-2024:3316) Important: Migration Toolkit for Applications security and bug fix update

Migration Toolkit for Applications 7.0.3 Images Security Fix(es) from Bugzilla: golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS (CVE-2023-45288) webpack-dev-middleware: lack of URL validation may lead to file leak (CVE-2024-29180) axios: exposure of...

7.4 AI Score

EPSS

2024-05-23 06:30 AM
5
githubexploit

Exploit for Reliance on Cookies without Validation and Integrity Checking in Mgt-Commerce Cloudpanel

CVE-2023-35885 Cloudpanel 0-day Exploit Author: @EagleTube,...

9.8 CVSS

9.2 AI Score

0.431 EPSS

2023-06-08 09:20 AM
84
redhat

(RHSA-2024:3483) Moderate: Red Hat Ansible Automation Platform 2.4 Container Security and Bug Fix Update

Red Hat Ansible Automation Platform provides an enterprise framework for building, deploying and managing IT automation at scale. IT Managers can provide top-down guidelines on how automation is applied to individual teams, while automation developers retain the freedom to write tasks that...

7.6 AI Score

0.05 EPSS

2024-05-30 01:12 AM
5
wpvulndb

Timetics- AI-powered Appointment Booking with Visual Seat Plan and ultimate Calendar Scheduling Plugin < 1.0.22 - Missing Authorization to Limited Privilege Escalation

Description The Timetics- AI-powered Appointment Booking with Visual Seat Plan and ultimate Calendar Scheduling plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the make_staff() function in all versions up to, and including, 1.0.21. This.....

7.3 CVSS

6.6 AI Score

0.0005 EPSS

2024-06-13 12:00 AM
1
wpvulndb

Post Grid Gutenberg Blocks and WordPress Blog Plugin – PostX < 4.1.3 - Missing Authorization to Arbitrary Options Update

Description The Post Grid Gutenberg Blocks and WordPress Blog Plugin – PostX plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'postx_presets_callback' function in all versions up to, and including, 4.1.2. This makes it possible for...

8.8 CVSS

6.4 AI Score

0.001 EPSS

2024-05-29 12:00 AM
2
osv

Panic in certificate parsing in crypto/x509 and golang.org/x/crypto/cryptobyte

On 32-bit architectures, a malformed input to crypto/x509 or the ASN.1 parsing functions of golang.org/x/crypto/cryptobyte can lead to a panic. The malformed certificate can be delivered via a crypto/tls connection to a client, or to a server that accepts client certificates. net/http clients can.....

7.5 CVSS

7.4 AI Score

0.02 EPSS

2022-07-06 06:23 PM
19
osv

Panic on unconsidered isindex and template combination in golang.org/x/net/html

The Parse function can panic on some invalid inputs. For example, the Parse function panics on the input "This is a searchable index. Enter search keywords:...

7.5 CVSS

7.5 AI Score

0.006 EPSS

2022-07-06 06:14 PM
7
wpvulndb

Responsive Addons – Starter Templates, Advanced Features and Customizer Settings for Responsive Theme. < 3.0.6 - Authenticated (Author+) Stored Cross-Site Scripting

Description The Responsive Addons – Starter Templates, Advanced Features and Customizer Settings for Responsive Theme. plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's file uploader in all versions up to, and including, 3.0.5 due to insufficient input sanitization....

6.4 CVSS

5.8 AI Score

0.001 EPSS

2024-06-04 12:00 AM
2
osv

Important: bind and dhcp security update

The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly. The...

7.5 CVSS

7.8 AI Score

0.05 EPSS

2024-05-06 01:04 PM
8
osv

Unsanitized NUL in environment variables on Windows in syscall and os/exec

Due to unsanitized NUL values, attackers may be able to maliciously set environment variables on Windows. In syscall.StartProcess and os/exec.Cmd, invalid environment variable values containing NUL values are not properly checked for. A malicious environment variable value can exploit this...

7.5 CVSS

7.3 AI Score

0.001 EPSS

2022-11-01 11:55 PM
20
ibm

Security Bulletin: IBM Event Streams are vulnerable in terms of both confidentiality and integrity. (CVE-2024-20918, CVE-2024-20926, CVE-2024-20952).

Summary IBM Event Streams are vulnerable in terms of both confidentiality and integrity. Multiple Java components within IBM Event Streams are susceptible to these vulnerabilities, enabling remote attackers to execute malicious actions through these components. Vulnerability Details CVEID:...

7.4 CVSS

7.1 AI Score

0.001 EPSS

2024-06-25 09:10 AM
9
atlassian

DoS (Denial of Service) org.eclipse.jetty:jetty-io Dependency in Crowd Data Center and Server

This High severity org.eclipse.jetty:jetty-io Dependency vulnerability was introduced in versions 5.0.0, 5.1.0, and 5.2.0 of Crowd Data Center and Server. This org.eclipse.jetty:jetty-io Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of...

7.5 CVSS

7.1 AI Score

0.802 EPSS

2024-04-09 01:53 AM
4
atlassian

DoS (Denial of Service) org.apache.struts:struts2-core Dependency in Crowd Data Center and Server

This High severity org.apache.struts:struts2-core Dependency vulnerability was introduced in versions 5.0.0, 5.1.0, and 5.2.0 of Crowd Data Center and Server. This org.apache.struts:struts2-core Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of...

7.5 CVSS

7.2 AI Score

0.023 EPSS

2024-04-25 05:10 PM
7
atlassian

DoS (Denial of Service) com.fasterxml.jackson.core:jackson-databind Dependency in Crowd Data Center and Server

This High severity com.fasterxml.jackson.core:jackson-databind Dependency vulnerability was introduced in versions 5.0.0, 5.1.0, and 5.2.3 of Crowd Data Center and Server. This com.fasterxml.jackson.core:jackson-databind Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of...

7.5 CVSS

7.1 AI Score

0.003 EPSS

2024-04-09 01:54 AM
5
ibm

Security Bulletin: IBM MQ Appliance is vulnerable to XML External Entity (XXE) injection and server-side request forgery (CVE-2024-22354 & CVE-2024-22329)

Summary IBM MQ Appliance has addressed XML External Entity (XXE) injection and server-side request forgery vulnerabilities. Vulnerability Details CVEID: CVE-2024-22354 DESCRIPTION: IBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.5 are.....

7 CVSS

7.8 AI Score

0.0004 EPSS

2024-06-27 03:29 AM
7
osv

CVE-2023-4225

Unrestricted file upload in /main/inc/ajax/exercise.ajax.php in Chamilo LMS <= v1.11.24 allows authenticated attackers with learner role to obtain remote code execution via uploading of PHP...

8.8 CVSS

9 AI Score

0.002 EPSS

2023-11-28 08:15 AM
4
wpvulndb

Royal Elementor Addons and Templates < 1.3.976 - Authenticated (Contributor+) Stored Cross-Site Scripting via Back to Top Widget

Description The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Back to Top widget in all versions up to, and including, 1.3.975 due to insufficient input sanitization and output escaping on user supplied attributes. This...

6.4 CVSS

5.8 AI Score

0.0004 EPSS

2024-05-31 12:00 AM
osv

Memory exhaustion in multipart form parsing in net/textproto and net/http

When parsing a multipart form (either explicitly with Request.ParseMultipartForm or implicitly with Request.FormValue, Request.PostFormValue, or Request.FormFile), limits on the total size of the parsed form were not applied to the memory consumed while reading a single form line. This permits a...

7.1 AI Score

0.0004 EPSS

2024-03-05 10:15 PM
4
trendmicroblog

Worldwide 2023 Email Phishing Statistics and Examples

Explore the need for going beyond built-in Microsoft 365 and Google Workspace™ security based on email threats detected in...

7.4 AI Score

2024-06-20 12:00 AM
1
osv

CVE-2023-3545

Improper sanitisation in main/inc/lib/fileUpload.lib.php in Chamilo LMS <= v1.11.20 on Windows and Apache installations allows unauthenticated attackers to bypass file upload security protections and obtain remote code execution via uploading of .htaccess file. This vulnerability may be exploite...

9.8 CVSS

10 AI Score

0.004 EPSS

2023-11-28 07:15 AM
7
Total number of security vulnerabilities: 2684546