KDDI CORPORATION, NTT DOCOMO, INC., And SoftBank Corp. Security Vulnerabilities

Exploit for CVE-2024-27956

WordPress Admin Account Creation and Reverse Shell...

RCE (Remote Code Execution) org.eclipse.jgit:org.eclipse.jgit Dependency in Bamboo Data Center and Server

This High severity org.eclipse.jgit:org.eclipse.jgit Dependency vulnerability was introduced in versions 9.0.0, 9.1.0, 9.2.1, 9.3.0, 9.4.0, and 9.5.0 of Bamboo Data Center and Server. The latest LTS Bamboo 9.6.0 is not impacted by this Vulnerability. This org.eclipse.jgit:org.eclipse.jgit...

WSO2 Identity Server CSRF And XXE Vulnerabilities

WSO2 Identity Server is prone to a XML external entity (XXE) ...

SSH Server type and version

This detects the SSH...

WeBid Remote File Include and SQLi Vulnerabilities

WeBid to a remote file-include issue and an SQL injection (SQLi) ...

Apache Solr Operator liveness and readiness probes may leak basic auth credentials in github.com/apache/solr-operator

Apache Solr Operator liveness and readiness probes may leak basic auth credentials in...

Giveaways and Contests by RafflePress < 1.12.5 - Missing Authorization

Description The Giveaways and Contests by RafflePress plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check in the resources/views/rafflepress-giveaway.php file in versions up to, and including, 1.12.4. This makes it possible for authenticated...

Security Bulletin: A remote execution vulnerability in Node.js affects IBM Rational Developer for i RPG and COBOL + Modernization Tools, Java Edition

Summary Node.js is used as runtime and SDK for Apache Cordova applications within IBM Rational Developer for i RPG and COBOL + Modernization Tools, Java Edition. A remote execution of arbitrary commands vulnerability affecting Node.js has been published in this security bulletin. This bulletin...

Post and Page Builder by BoldGrid – Visual Drag and Drop Editor < 1.26.5 - Authenticated (Contributer+) Stored Cross-Site Scripting

Description The Post and Page Builder by BoldGrid – Visual Drag and Drop Editor plguin for WordPress is vulnerable to Stored Cross-Site Scripting via an unknown parameter in versions up to, and including, 1.26.4 due to insufficient input sanitization and output escaping. This makes it possible for....

CVE-2015-10125

A vulnerability classified as problematic has been found in WP Ultimate CSV Importer Plugin 3.7.2 on WordPress. This affects an unknown part. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. Upgrading to version 3.7.3 is able to address this...

CVE-2019-15045

AjaxDomainServlet in Zoho ManageEngine ServiceDesk Plus 10 allows User Enumeration. NOTE: the vendor's position is that this is intended...

CVE-2023-3797

A vulnerability, which was classified as critical, was found in Gen Technology Four Mountain Torrent Disaster Prevention and Control of Monitoring and Early Warning System up to 20230712. This affects an unknown part of the file /Duty/AjaxHandle/UploadFloodPlanFileUpdate.ashx. The manipulation of.....

CVE-2019-15045

AjaxDomainServlet in Zoho ManageEngine ServiceDesk Plus 10 allows User Enumeration. NOTE: the vendor's position is that this is intended...

CVE-2024-5275 Hard-coded password in FileCatalyst Direct 3.8.10 Build 138 TransferAgent (and earlier) and FileCatalyst Workflow 5.1.6 Build 130 (and earlier)

A hard-coded password in the FileCatalyst TransferAgent can be found which can be used to unlock the keystore from which contents may be read out, for example, the private key for certificates. Exploit of this vulnerability could lead to a machine-in-the-middle (MiTM) attack against users of the...

gix refs and paths with reserved Windows device names access the devices

Summary On Windows, fetching refs that clash with legacy device names reads from the devices, and checking out paths that clash with such names writes arbitrary data to the devices. This allows a repository, when cloned, to cause indefinite blocking or the production of arbitrary message that...

gix refs and paths with reserved Windows device names access the devices

Summary On Windows, fetching refs that clash with legacy device names reads from the devices, and checking out paths that clash with such names writes arbitrary data to the devices. This allows a repository, when cloned, to cause indefinite blocking or the production of arbitrary message that...

MoinMoin Improper ACL handling for calendars and includes

MoinMoin before 20070507 does not properly enforce ACLs for calendars and includes, which allows remote attackers to read certain pages via unspecified...

(RHSA-2024:2874) Moderate: OpenShift Container Platform 4.13.42 security and extras update

Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.13.42. See the following advisory for the container...

Barracuda Spam and Virus Firewall RCE Vulnerability

Barracuda Spam & Virus Firewall is prone to a remote code execution (RCE)...

CVE-2019-15045

AjaxDomainServlet in Zoho ManageEngine ServiceDesk Plus 10 allows User Enumeration. NOTE: the vendor's position is that this is intended...

Sophos Anti-Virus Detection and Status (Linux)

Sophos Anti-Virus for Linux, a commercial antivirus software package, is installed on the remote host. However, there is a problem with the installation; either its services are not running or its engine and/or virus definitions are out of...

Security Bulletin: IBM MQ Operator and Queue manager container images are vulnerable to glibc, Golang Go , Apache HTTP, IBM GSKit-Crypto and GnuTLS packages/liberaries .

Summary IBM MQ Operator and Queue manager container images are vulnerable to glibc, Golang Go , Apache HTTP, IBM GSKit-Crypto and GnuTLS. This bulletin identifies the steps required to address these vulnerabilities. Vulnerability Details ** CVEID: CVE-2024-33599 DESCRIPTION: **glibc is vulnerable.....

Oracle Data Quality and Profiling Client Detection

The remote host has Oracle Data Quality and Profiling client installed, a client for a data quality and monitoring...

Oracle E-Business Version and Patch Info

It was possible to query the remote database and/or product configuration file, to determine the Oracle E-Business version and patch information with the supplied...

(RHSA-2024:2877) Important: OpenShift Container Platform 4.13.42 packages and security update

Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.13.42. See the following advisory for the container...

VioStor NVR and QNAP NAS RCE Vulnerability

VioStor NVR firmware version 4.0.3 and possibly earlier versions and QNAP NAS with the Surveillance Station Pro activated contains scripts which could allow any user e.g. guest users to execute scripts which run with administrative privileges. It is possible to execute code on the webserver...

(RHSA-2024:2890) Important: bind and dhcp security update

The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly. The...

RandomAlphaNumeric and CryptoRandomAlphaNumeric are not as random as they should be

Impact A security-sensitive bug was discovered by Open Source Developer Erik Sundell of Sundell Open Source Consulting AB. The functions RandomAlphaNumeric(int) and CryptoRandomAlphaNumeric(int) are not as random as they should be. Small values of int in the functions above will return a smaller...

PowerPack Addons for Elementor (Free Widgets, Extensions and Templates) < 2.7.21 - Authenticated (Contributor+) Stored Cross-Site Scripting via Link Effects Widget

Description The PowerPack Addons for Elementor (Free Widgets, Extensions and Templates) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'url' attribute within the plugin's Link Effects widget in all versions up to, and including, 2.7.20 due to insufficient input...

Error "One or more legacy replicas are detected in configuration remove them manually and try again" during upgrade to v7

Error "One or more legacy replicas are detected in configuration remove them manually and try again" during upgrade to...

Intel Memory And Storage Tool Installed (Windows)

Intel Memory and Storage Tool is installed on the remote Windows...

Rockwell FactoryTalk Product and Version Enumeration (Windows)

Rockwell FactoryTalk products are the remote Windows host. This plugin provides a best guess at the software version. Note that the versions detected here do not necessarily indicate the actual installed version nor do they necessarily mean that the application is actually installed on the remote.....

ocPortal Arbitrary File Disclosure and XSS Vulnerabilities

ocPortal is prone to multiple cross-site scripting vulnerabilities and an arbitrary file-disclosure vulnerability because the application fails to sufficiently sanitize user-supplied...

CVE-2023-45195 Adminer and AdminerEvo SSRF

Adminer and AdminerEvo are vulnerable to SSRF via database connection fields. This could allow an unauthenticated remote attacker to enumerate or access systems the attacker would not otherwise have access to. Adminer is no longer supported, but this issue was fixed in AdminerEvo version...

Attackers in Profile: menuPass and ALPHV/BlackCat

To test the effectiveness of managed services like our Trend Micro managed detection and response offering, MITRE Engenuity™ combined the tools, techniques, and practices of two globally notorious bad actors: menuPass and ALPHV/BlackCat. This blog tells the story of why they were chosen and what...

IBM MQ Server and Client Installed (Linux)

IBM MQ (formerly IBM WebSphere MQ) message queuing server or related client software is installed on the remote Linux...

Joomla! JooProperty Component SQLi and XSS Vulnerabilities

The JooProperty component for Joomla! is prone to an SQL injection (SQLi) vulnerability and a cross-site scripting (XSS) vulnerability because it fails to properly sanitize user-supplied...

Joomla Jomdirectory and Advert Components SQLi Vulnerabilities

Joomla with Jomdirectory and/or Advert components is prone to SQL injection...

Security Bulletin: A vulnerability in Transparent Cloud Tiering affects IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products

Summary A vulnerability in netty-codec-http affects the Transparent Cloud Tiering function in IBM Storage Virtualize products. Most systems do not have Transparent Cloud Tiering configured. You can confirm by running the lsvolumebackup CLI command - if there is no output, then this feature is not.....

Build Numbers and Versions of Veeam Plug-ins for Enterprise Applications

Build Numbers and Versions of Veeam Plug-ins for Enterprise Applications (Veeam Plug-in for SAP HANA, Veeam Plug-in for Oracle RMAN, Veeam Plug-in for SAP on Oracle, Veeam Plug-in for Microsoft SQL...

Security Bulletin: IBM Tivoli Netcool Impact is vulnerable to insecure cryptographic algorithm and information disclosure due to DB2 JDBC Driver (CVE-2023-47152)

Summary DB2 JDBC driver is shipped with IBM Tivoli Netcool Impact as part of the db2 data source adapter. Information about security vulnerabilities affecting DB2 JDBC driver has been published in a security bulletin. Vulnerability Details ** CVEID: CVE-2023-47152 DESCRIPTION: **IBM Db2 for...

miekg/dns parsing error leads to nil pointer dereference and DoS

An issue was discovered in setTA in scan_rr.go in the Miek Gieben DNS library before 1.0.10 for Go. A dns.ParseZone() parsing error causes a segmentation violation, leading to denial of...

CVE-2023-45195 Adminer and AdminerEvo SSRF

Adminer and AdminerEvo are vulnerable to SSRF via database connection fields. This could allow an unauthenticated remote attacker to enumerate or access systems the attacker would not otherwise have access to. Adminer is no longer supported, but this issue was fixed in AdminerEvo version...

Slider Revolution < 6.7.11 - Authenticated (Author+) Stored Cross-Site Scripting via Add Layer class, id, and title Attributes

Description The Slider Revolution plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Add Layer widget in all versions up to, and including, 6.7.11 due to insufficient input sanitization and output escaping on the user supplied 'class', 'id', and 'title' attributes......

IBM DB2 and DB2 Connect Detection (credentialed)

IBM DB2 or DB2 Connect, an enterprise database solution, is installed on the remote...

Path traversal and user privilege escalation in github.com/IceWhaleTech/CasaOS-UserService

The UserService API contains a path traversal vulnerability that allows an attacker to obtain any file on the system, including the user database and system configuration. This can lead to privilege escalation and compromise of the...

Security and Human Behavior (SHB) 2024

This week, I hosted the seventeenth Workshop on Security and Human Behavior at the Harvard Kennedy School. This is the first workshop since our co-founder, Ross Anderson, died unexpectedly. SHB is a small, annual, invitational workshop of people studying various aspects of the human side of...

Denial of service in net/http and golang.org/x/net/http2

HTTP/2 server connections can hang forever waiting for a clean shutdown that was preempted by a fatal error. This condition can be exploited by a malicious client to cause a denial of...

Oracle RDBMS Host Name and Patch Info

Nessus was able, using the supplied credentials, to query the remote Oracle RDBMS and determine the system hostname and database patch...

CVE-2024-37131

SCG Policy Manager, all versions, contains an overly permissive Cross-Origin Resource Policy (CORP) vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to the execution of malicious actions on the application in the context of the authenticated...