Exploit for Injection in Cacti
Sure! Here's a "dope" README.md for your PricklyPwn project:...
9.9AI Score
CVE-2023-38831 PoC (Proof Of Concept) This is an easy to use...
7.8CVSS
8.3AI Score
0.192EPSS
Cacti < 0.8.6f Authentication Bypass Vulnerability
The Cacti application running on the remote web server is affected by an authentication bypass...
6.7AI Score
0.03EPSS
Cacti Local File Inclusion Vulnerability
The Cacti application running on the remote web server is affected by a local file inclusion vulnerability due to improperly validating user-supplied input to the 'config[include_path]' parameter in 'config_settings.php'. A remote attacker can exploit this to execute arbitrary PHP...
6.9AI Score
0.05EPSS
AD Starter Scan - Primary Group ID integrity
Groups are the standard way of providing access to resources in an environment. Therefore group membership should be treated with utmost care. A less known Active Directory feature can be used for the same purpose: Primary Group ID. This is a mechanism that was created to support legacy UNIX...
6.8AI Score
Cisco Firepower Management Center Software Object Group Access Control List Bypass Vulnerability
A vulnerability in the Object Groups for Access Control Lists (ACLs) feature of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to bypass configured access controls on managed devices that are running Cisco Firepower Threat Defense (FTD) Software....
7.3AI Score
0.0004EPSS
PHP remote file inclusion vulnerability in groupcp.php in phpBB 2.0.10 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. NOTE: CVE and the vendor dispute this vulnerability because $phpbb_root_path is defined before...
7.9AI Score
0.008EPSS
inc-conso.fr Cross Site Scripting vulnerability OBB-3872425
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
PHP remote file inclusion vulnerability in includes/usercp_register.php in phpBB 2.0.19 allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. NOTE: this issue has been disputed by third-party researchers, stating that the file checks for a global...
7.5AI Score
0.006EPSS
data_input.php in Cacti 1.2.8 allows remote code execution via a crafted Input String to Data Collection -> Data Input Methods -> Unix -> Ping Host. NOTE: the vendor has stated "This is a false...
8.8CVSS
8.8AI Score
0.005EPSS
10CVSS
6.8AI Score
0.001EPSS
Cacti < 0.8.8b Command and SQL Injections
According to its self-reported version number, the Cacti application running on the remote web server is prior to version 0.8.8b. It is, therefore, potentially affected by command injection and SQL injection vulnerabilities because the application fails to properly sanitize user-supplied input to...
9.5AI Score
0.013EPSS
Plone allows a user to masquerade as a group
Unspecified vulnerability in PlonePAS in Plone 2.5 and 2.5.1, when anonymous member registration is enabled, allows an attacker to "masquerade as a...
7AI Score
0.003EPSS
SQL injection vulnerability in info.php in Mole Group Airline Ticket Sale Script allows remote attackers to execute arbitrary SQL commands via the flight parameter. NOTE: the vendor has disputed this issue, stating "crazy hackers and so named Security companies [spread] out such false...
8.7AI Score
0.007EPSS
Cacti < 0.8.7f Multiple Input Validation Vulnerabilities
According to its self-reported version number, the Cacti application running on the remote web server is prior to version 0.8.7f. It is, therefore, potentially affected by the following vulnerabilities: A vulnerability exists in 'templates_export.php' due to improper validation of input to...
7.1AI Score
0.006EPSS
Exploit for Use After Free in Linux Linux Kernel
CVE-2022-2586-LPE LPE N-day Exploit for...
7.8CVSS
7.2AI Score
0.01EPSS
CVE-2024-29895 Cacti CVE-2024-29895 POC A command injection...
10CVSS
8.6AI Score
0.001EPSS
Alleged Boss of ‘Scattered Spider’ Hacking Group Arrested
A 22-year-old man from the United Kingdom arrested this week in Spain is allegedly the ringleader of Scattered Spider, a cybercrime group suspected of hacking into Twilio, LastPass, DoorDash, Mailchimp, and nearly 130 other organizations over the past two years. The Spanish daily Murcia Today...
7.8AI Score
Rancher's Failure to delete orphaned role bindings does not revoke project level access from group based authentication in...
8.8CVSS
8.8AI Score
0.001EPSS
next-group-hd.co.jp Cross Site Scripting vulnerability OBB-3914054
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
The OpenPGP specification allows a Cipher Feedback Mode (CFB) malleability-gadget attack that can indirectly lead to plaintext exfiltration, aka EFAIL. NOTE: third parties report that this is a problem in applications that mishandle the Modification Detection Code (MDC) feature or accept an...
5.9CVSS
5.7AI Score
0.008EPSS
Debian DLA-1757-1 : cacti security update
It was discovered that there were a number of cross-site scripting vulnerabilities (XSS) in cacti, a web-based front-end for the RRDTool monitoring tool. For Debian 8 'Jessie', this issue has been fixed in cacti version 0.8.8b+dfsg-8+deb8u7. We recommend that you upgrade your cacti packages. NOTE:...
5.4CVSS
5.9AI Score
0.001EPSS
Fedora: Security Advisory for cacti (FEDORA-2024-27a594f71d)
The remote host is missing an update for...
9.1CVSS
6.2AI Score
0.002EPSS
CVE-2024-0552 Intumit inc. SmartRobot - Remote Code Execution
Intumit inc. SmartRobot's web framework has a remote code execution vulnerability. An unauthorized remote attacker can exploit this vulnerability to execute arbitrary commands on the remote...
9.8CVSS
10AI Score
0.002EPSS
Cacti < 0.8.7g Multiple XSS and HTML Injection Vulnerabilities
According to its self-reported version number, the Cacti application running on the remote web server is prior to version 0.8.7g. It is, therefore, potentially affected by multiple cross-site scripting and HTML injection vulnerabilities. An attacker may be able to exploit these issues to inject...
6.3AI Score
0.023EPSS
gnark-crypto's exponentiation in the pairing target group GT using GLV can give incorrect results
Impact: When the exponent is bigger than r, the group order of the pairing target group GT, the exponentiation à la GLV (ExpGLV) can sometimes give incorrect results compared to normal exponentiation (Exp). The issue impacts all users using ExpGLV for exponentiations in GT. This does not impact...
6.8AI Score
CVE-2024-29895 Cacti command injection in cmd_realtime.php
Cacti provides an operational monitoring and fault management framework. A command injection vulnerability on the 1.3.x DEV branch allows any unauthenticated user to execute arbitrary command on the server when register_argc_argv option of PHP is On. In cmd_realtime.php line 119, the $poller_id...
10CVSS
10AI Score
0.001EPSS
CVE-2024-30268 Cacti XSS vulnerability in display_settings
Cacti provides an operational monitoring and fault management framework. A reflected cross-site scripting vulnerability on the 1.3.x DEV branch allows attackers to obtain cookies of administrator and other users and fake their login using obtained cookies. This issue is fixed in commit...
6.1CVSS
5.9AI Score
0.0004EPSS
CVE-2024-30268 Cacti XSS vulnerability in display_settings
Cacti provides an operational monitoring and fault management framework. A reflected cross-site scripting vulnerability on the 1.3.x DEV branch allows attackers to obtain cookies of administrator and other users and fake their login using obtained cookies. This issue is fixed in commit...
6.1CVSS
6AI Score
0.0004EPSS
Chinese ‘Smishing Triad’ Group Targets Pakistanis with SMS Phishing
Protect yourself from Smishing attacks in Pakistan! Smishing Triad, a notorious cybercriminal group, is targeting Pakistani bank customers with fake Pakistan Post messages. Learn how to identify and avoid these scams to protect your financial...
7.2AI Score
CVE-2024-29895 Cacti command injection in cmd_realtime.php
Cacti provides an operational monitoring and fault management framework. A command injection vulnerability on the 1.3.x DEV branch allows any unauthenticated user to execute arbitrary command on the server when register_argc_argv option of PHP is On. In cmd_realtime.php line 119, the $poller_id...
10CVSS
8.1AI Score
0.001EPSS
ViLe Cybercrime Group Members Plead Guilty to Hacking DEA Portal
"ViLe" Hackers Busted! Two men plead guilty to breaching a federal law enforcement portal. Learn about the dangers of cybercrime, doxxing, and how authorities are working to combat these threats. This case highlights the importance of cybersecurity for law enforcement and the consequences for...
7.2AI Score
ProfileGrid < 5.8.3 - Bypass Group Members Limit
Description: The ProfileGrid – User Profiles, Memberships, Groups and Communities plugin for WordPress is vulnerable to group limit bypass in all versions up to, and including, 5.8.2. This is due to the plugin not properly verifying the limits of a group before adding a member. This makes it...
4.3CVSS
6.8AI Score
0.0004EPSS
TIBCO Security Advisory: June 11, 2024 - TIBCO EBX - CVE-2024-4576
TIBCO EBX File Inclusion Vulnerability. Original release date: June 11, 2024. Last revised: June 12, 2024. CVE-2024-4576. Source: TIBCO Software Inc. Products Affected: TIBCO EBX versions 5.9.25 and below; TIBCO EBX versions 6.1.3 HF2 and below. Component affected: EBX Add-ons. Description: The...
6.6AI Score
0.0004EPSS
Chinese Espionage Group “ChamelGang” Uses Attacks for Disruption and Data Theft
Beware! Chinese cyberespionage group ChamelGang targets critical infrastructure like aviation and government systems. SentinelOne report reveals potential attacks across Asia. Learn more about ChamelGang's cyberespionage...
7.3AI Score
Fedora: Security Advisory for cacti-spine (FEDORA-2024-27a594f71d)
The remote host is missing an update for...
9.1CVSS
6.2AI Score
0.002EPSS
8.2AI Score
0.0004EPSS
CVE-2024-34029 AD/LDAP Group Members Leak
Mattermost versions 9.5.x <= 9.5.3, 9.7.x <= 9.7.1 and 8.1.x <= 8.1.12 fail to perform a proper authorization check in the /api/v4/groups//channels//link endpoint which allows a user to learn the members of an AD/LDAP group that is linked to a team by adding the group to a channel, even if...
4.3CVSS
6.8AI Score
0.0004EPSS
CVE-2024-34029 AD/LDAP Group Members Leak
Mattermost versions 9.5.x <= 9.5.3, 9.7.x <= 9.7.1 and 8.1.x <= 8.1.12 fail to perform a proper authorization check in the /api/v4/groups//channels//link endpoint which allows a user to learn the members of an AD/LDAP group that is linked to a team by adding the group to a channel, even if...
4.3CVSS
4.5AI Score
0.0004EPSS
IBM is selling its QRadar product suite to Palo Alto Networks, for an undisclosed--but probably surprisingly small--sum. I have a personal connection to this. In 2016, IBM bought Resilient Systems, the startup I was a part of. It became part of IBM's cybersecurity offerings, mostly and weirdly...
7AI Score
7CVSS
7.9AI Score
0.0005EPSS
Misconfigured Certificate Template Finder
This module allows users to query a LDAP server for vulnerable certificate templates and will print these certificates out in a table along with which attack they are vulnerable to and the SIDs that can be used to enroll in that certificate template. Additionally the module will also print out a...
7.1AI Score
SneakyChef espionage group targets government agencies with SugarGh0st and more infection techniques
Cisco Talos recently discovered an ongoing campaign from SneakyChef, a newly discovered threat actor using SugarGh0st malware, as early as August 2023. In the newly discovered campaign, we observed a wider scope of targets spread across countries in EMEA and Asia, compared with previous...
7AI Score
The SMB protocol decoder in tcpdump version 4.99.3 can perform an out-of-bounds write when decoding a crafted network...
6.5CVSS
6.6AI Score
0.002EPSS
VolleyballSquid-----CVE-2023-38831-and-Bypass-UAC This is my...
7.8CVSS
8.2AI Score
0.192EPSS
Description: The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Image Stack Group widget in all versions up to, and including, 3.10.7 due to insufficient input sanitization and output escaping on user supplied 'tooltip_position' attribute. This...
6.4CVSS
5.8AI Score
0.001EPSS
Linux Hardened Repository Unable to Update Immutability or Remove Restore Points due to SGID
Due to the SGID bit, all files created within this directory inherit the directory's group ownership. This conflicts with the verification routine in VBR that ensures the .veeam.lock file belongs to the root user and root...
7.1AI Score
Exploit for OS Command Injection in Gitlab
CVE-2022-2185 wo ee cve-2022-2185 gitlab authenticated rce...
9.9CVSS
8.5AI Score
0.455EPSS
7.4AI Score
Paste Script has improper group memberships permissions
Paste Script 1.7.5 and earlier does not properly set group memberships during execution with root privileges, which might allow remote attackers to bypass intended file-access restrictions by leveraging a web application that uses the local...
6.8AI Score
0.045EPSS