Internet Storm Center Spotlight



ISC provides a free analysis and warning service to thousands of Internet users and organizations, and is actively working with Internet Service Providers to fight back against the most malicious attackers. https://isc.sans.edu/about.html

Apple Fixes Two Exploited Vulnerabilities

Published: 2024-11-19.

Last Updated: 2024-11-19 21:56:52 UTC

by Johannes Ullrich (Version: 1)

Today, Apple released updates patching two vulnerabilities that have already been exploited. Interestingly, according to Apple, the vulnerabilities have only been exploited against Intel-based systems, but they appear to affect ARM (M"x") systems as well.

CVE-2024-44308

A vulnerability in JavaScriptCore. It could be triggered by the user visiting a malicious web page and may lead to arbitrary code execution.

CVE-2024-44309

This vulnerability affects WebKit. A vulnerability in the cookie management system may lead to cross-site scripting. The description is sparse, but it may indicate that an attacker could set a malicious cookie that will inject JavaScript or HTML into a web page.

Patches have been released for Safari and all of Apple's operating systems (including iOS/iPadOS/VisionOS, which is not used on Intel-based systems).

https://isc.sans.edu/diary/Apple+Fixes+Two+Exploited+Vulnerabilities/31452/

Exploit attempts for unpatched Citrix vulnerability

Published: 2024-11-18.

Last Updated: 2024-11-18 05:59:56 UTC

by Johannes Ullrich (Version: 1)

Last week, Watchtowr Labs released details describing a new and so far unpatched vulnerability in Citrix's remote access solution (https://labs.watchtowr.com/visionaries-at-citrix-have-democratised-remote-network-access-citrix-virtual-apps-and-desktops-cve-unknown/). Specifically, the vulnerability affects the "Virtual Apps and Desktops." This solution allows "secure" remote access to desktop applications. It is commonly used for remote work, and I have seen it used in call center setups to isolate individual workstations from the actual desktop. The Watchtowr blog describes it as:

"This is a tech stack that enables end-users (and likely, your friendly neighbourhood ransomware gang) to access their full desktop environment from just about anywhere, whether they’re using a laptop, tablet, or even a phone."

One fundamental problem with this solution is that all desktops run on the same server, and a privilege escalation vulnerability will not just "root" the particular desktop, but the server and all sessions connected to it.

Citrix also includes the ability to record sessions and store these recordings for an administrator to review. Sadly, the review process uses a .Net function subject to deserialization vulnerabilities. Watchtowr published sample exploit code on GitHub. The exploit is triggered without the need to authenticate first.

So here is a sample exploit I have seen today ...

Read the full entry: https://isc.sans.edu/diary/Exploit+attempts+for+unpatched+Citrix+vulnerability/31446/

Internet Storm Center Entries


Detecting the Presence of a Debugger in Linux (2024.11.19)

https://isc.sans.edu/diary/Detecting+the+Presence+of+a+Debugger+in+Linux/31450/

Ancient TP-Link Backdoor Discovered by Attackers (2024.11.17)

https://isc.sans.edu/diary/Ancient+TPLink+Backdoor+Discovered+by+Attackers/31442/

Recent CVEs


The list is assembled by pulling recent vulnerabilities from NIST NVD, Microsoft, Twitter mentions of vulnerabilities, ISC Diaries and Podcast, and the CISA list of known exploited vulnerabilities. There are also some unscored, but significant, vulnerabilities at the end. This includes vulnerabilities that have not been added to the NVD yet.

CVE-2024-0012 - Palo Alto Networks PAN-OS Management Interface Authentication Bypass Vulnerability

Product: Palo Alto Networks PAN-OS

CVSS Score: 9.8

** KEV since 2024-11-18 **

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-0012

ISC Podcast: https://isc.sans.edu/podcastdetail/9226

NVD References: https://security.paloaltonetworks.com/CVE-2024-0012

CVE-2024-9474 - Palo Alto Networks PAN-OS Management Interface OS Command Injection Vulnerability

Product: Palo Alto Networks PAN-OS

CVSS Score: 7.2

** KEV since 2024-11-18 **

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-9474

ISC Podcast: https://isc.sans.edu/podcastdetail/9226

NVD References: https://security.paloaltonetworks.com/CVE-2024-9474

CVE-2024-23113 - Fortinet FortiOS versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.6, 7.0.0 through 7.0.13, FortiProxy versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.8, 7.0.0 through 7.0.14, FortiPAM versions 1.2.0, 1.1.0 through 1.1.2, 1.0.0 through 1.0.3, FortiSwitchManager versions 7.2.0 through 7.2.3, 7.0.0 through 7.0.3 are vulnerable to a use of externally-controlled format string, enabling an attacker to execute unauthorized code or commands via specially crafted packets.

Product: Fortinet (multiple products)

CVSS Score: 0

** KEV since 2024-10-09 **

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-23113

ISC Podcast: https://isc.sans.edu/podcastdetail/9222

CVE-2024-47575 - FortiManager versions 7.6.0, 7.4.0 through 7.4.4, 7.2.0 through 7.2.7, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14, 6.2.0 through 6.2.12, Fortinet FortiManager Cloud versions 7.4.1 through 7.4.4, 7.2.1 through 7.2.7, and 7.0.1 through 7.0.13, 6.4.1 through 6.4.7 are vulnerable to a missing authentication flaw that allows an attacker to execute arbitrary code or commands via specially crafted requests.

Product: Fortinet FortiManager

CVSS Score: 0

** KEV since 2024-10-23 **

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-47575

ISC Podcast: https://isc.sans.edu/podcastdetail/9222

CVE-2024-49039 - Windows Task Scheduler Elevation of Privilege Vulnerability

Product: Microsoft Windows 10 1507

CVSS Score: 8.8

** KEV since 2024-11-12 **

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-49039

NVD References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49039

CVE-2024-43093 - ExternalStorageProvider.java in Android allows for a possible bypass of a file path filter, leading to local privilege escalation without requiring additional execution privileges, due to incorrect unicode normalization.

Product: Google Android

CVSS Score: 7.8

** KEV since 2024-11-07 **

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-43093

NVD References: https://android.googlesource.com/platform/frameworks/base/+/67d6e08322019f7ed8e3f80bd6cd16f8bcb809ed

NVD References: https://source.android.com/security/bulletin/2024-11-01

CVE-2024-43451 - NTLM Hash Disclosure Spoofing Vulnerability

Product: Microsoft Windows 10 1507

CVSS Score: 6.5

** KEV since 2024-11-12 **

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-43451

NVD References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43451

CVE-2024-1212 - Progress Kemp LoadMaster OS Command Injection Vulnerability

Product: Kemp LoadMaster

CVSS Score: 0

** KEV since 2024-11-18 **

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-1212

CVE-2024-49574 - Zohocorp ManageEngine ADAudit Plus versions below 8123 are vulnerable to SQL Injection in the reports module.

Product: Zohocorp ManageEngine ADAudit Plus

CVSS Score: 8.3

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-49574

ISC Podcast: https://isc.sans.edu/podcastdetail/9224

NVD References: https://www.manageengine.com/products/active-directory-audit/cve-2024-49574.html

CVE-2024-11099 - Code-projects Job Recruitment 1.0 is vulnerable to a critical SQL injection flaw in the /login.php file, allowing for remote attacks using a manipulated email argument.

Product: Anisha Job Recruitment

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-11099

NVD References:

- https://code-projects.org/

- https://github.com/Kenton868/CVE/blob/main/sqlInjection1.md

CVE-2024-11100, CVE-2024-11101, CVE-2024-11257, & CVE-2024-11258 - 1000 Projects Beauty Parlour Management System 1.0 Critical SQL injection vulnerabilities

Product: 1000Projects Beauty Parlour Management System

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-11100

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-11101

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-11257

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-11258

NVD References: https://1000projects.org/

NVD References: https://github.com/Hacker0xone/CVE/issues/6

NVD References: https://github.com/Hacker0xone/CVE/issues/7

NVD References: https://github.com/Hacker0xone/CVE/issues/10

NVD References: https://github.com/Hacker0xone/CVE/issues/11

CVE-2024-11256 - 1000 Projects Portfolio Management System MCA 1.0 is vulnerable to remote SQL injection via manipulation of the username argument in /login.php.

Product: 1000Projects Portfolio Management System MCA

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-11256

NVD References: https://1000projects.org/

NVD References: https://github.com/Hacker0xone/CVE/issues/8

CVE-2024-44102 - PP TeleControl Server Basic 1000 to 5000 V3.1 (6NH9910-0AA31-0AE1) and other versions with redundancy configured allow remote attackers to execute arbitrary code with SYSTEM privileges.

Product: Siemens Telecontrol_Server_Basic

CVSS Score: 10.0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-44102

NVD References: https://cert-portal.siemens.com/productcert/html/ssa-454789.html

CVE-2024-46888 - SINEC INS (All versions < V1.0 SP2 Update 3) is vulnerable to file manipulation and arbitrary code execution by authenticated remote attackers due to improper path sanitization in SFTP file transfers.

Product: Siemens Sinec_Ins 1.0

CVSS Score: 9.9

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-46888

NVD References: https://cert-portal.siemens.com/productcert/html/ssa-915275.html

CVE-2024-46890 - SINEC INS is vulnerable to a remote code execution attack due to insufficient input validation in its web API endpoints.

Product: Siemens Sinec_Ins 1.0

CVSS Score: 9.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-46890

NVD References: https://cert-portal.siemens.com/productcert/html/ssa-915275.html

CVE-2024-50557 - RUGGEDCOM RM1224 LTE(4G) EU, RUGGEDCOM RM1224 LTE(4G) NAM, SCALANCE M804PB, SCALANCE M812-1 ADSL-Router, SCALANCE M816-1 ADSL-Router, SCALANCE M826-2 SHDSL-Router, SCALANCE M874-2, SCALANCE M874-3, SCALANCE M876-3, SCALANCE M876-4, SCALANCE MUM853-1, SCALANCE MUM856-1, SCALANCE S615 EEC LAN-Router, SCALANCE S615 LAN-Router are affected by a vulnerability that could allow remote attackers to execute arbitrary code.

Product: Siemens Scalance_S615_Firmware

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-50557

NVD References: https://cert-portal.siemens.com/productcert/html/ssa-354112.html

CVE-2024-43415 - Decidim_awesome-module <= v0.11.1 (> 0.9.0) allows authenticated admin users to manipulate SQL queries and execute commands, due to improper neutralization of special elements in SQL commands.

Product: decidim_awesome-module

CVSS Score: 9.0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-43415

NVD References:

- https://github.com/decidim-ice/decidim-module-decidim_awesome/commit/84374037d34a3ac80dc18406834169c65869f11b

- https://github.com/decidim-ice/decidim-module-decidim_awesome/security/advisories/GHSA-cxwf-qc32-375f

- https://pentest.ait.ac.at/security-advisory/decidim-awesome-sql-injection-in-adminaccountability

CVE-2024-50330 - Ivanti Endpoint Manager is vulnerable to SQL injection before the 2024 November Security Update, allowing a remote unauthenticated attacker to achieve remote code execution.

Product: Ivanti Endpoint Manager

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-50330

NVD References: https://forums.ivanti.com/s/article/Security-Advisory-EPM-November-2024-for-EPM-2024-and-EPM-2022

CVE-2024-11005, CVE-2024-11006, & CVE-2024-38656 - Ivanti Connect Secure and Ivanti Policy Secure command injection (CVE-2024-11005 & CVE-2024-11006) and argument injection (CVE-2024-38656) vulnerabilities

Product: Ivanti Connect Secure

CVSS Score: 9.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-11005

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-11006

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-38656

NVD References: https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Connect-Secure-ICS-Ivanti-Policy-Secure-IPS-Ivanti-Secure-Access-Client-ISAC-Multiple-CVEs

CVE-2024-52297 - Tolgee 3.81.1 publicly exposed all configuration properties in the PublicConfigurationDTO, but this vulnerability is fixed in v3.81.2.

Product: Tolgee

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-52297

NVD References:

- https://github.com/tolgee/tolgee-platform/pull/2481/files#diff-d16735590f0f2db7cd782e2966fa18426b94b5e4030fa8b1f5e00cd55686fe7f

- https://github.com/tolgee/tolgee-platform/pull/2689/files

- https://github.com/tolgee/tolgee-platform/security/advisories/GHSA-3wr3-889v-pgcj

CVE-2024-10943 - Rockwell Automation FactoryTalk® Updater – Web Client is vulnerable to an authentication bypass due to shared secrets, allowing a threat actor to impersonate a user by enumerating additional information during authentication.

Product: Rockwell Automation FactoryTalk® Updater – Web Client

CVSS Score: 9.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-10943

NVD References:

- https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD%201710.html

- https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1710.html

CVE-2024-49369 - Icinga's TLS certificate validation flaw in versions 2.4.0 and above allows attackers to impersonate trusted cluster nodes and API users, but has been fixed in versions 2.14.3, 2.13.10, 2.12.11, and 2.11.12.

Product: Icinga 2

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-49369

NVD References:

- https://github.com/Icinga/icinga2/security/advisories/GHSA-j7wq-r9mg-9wpv

- https://icinga.com/blog/2024/11/12/critical-icinga-2-security-releases-2-14-3

CVE-2024-43498 - .NET and Visual Studio Remote Code Execution Vulnerability

Product: Microsoft .Net

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-43498

NVD References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43498

CVE-2024-43602 - Azure CycleCloud Remote Code Execution Vulnerability

Product: Microsoft Azure Cyclecloud

CVSS Score: 9.9

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-43602

NVD References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43602

CVE-2024-43639 - Windows Kerberos Remote Code Execution Vulnerability

Product: Microsoft Windows Server 2012

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-43639

NVD References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43639

CVE-2024-8068 & CVE-2024-8069 - Citrix Session Recording vulnerabilities allow privilege escalation to NetworkService Account access (CVE-2024-8068) and limited remote code execution with the privileges of a NetworkService Account (CVE-2024-8069)

Product: Citrix Session Recording

CVSS Score: 8.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-8068

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-8069

ISC Podcast: https://isc.sans.edu/podcastdetail/9224

NVD References: https://support.citrix.com/s/article/CTX691941-citrix-session-recording-security-bulletin-for-cve20248068-and-cve20248069?language=en_US

CVE-2023-52268 - FreeScout's End-User Portal module before version 1.0.65 allows attackers to authenticate as any user by sending a session token to the /auth endpoint.

Product: FreeScout End-User Portal

CVSS Score: 9.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-52268

NVD References:

- https://freescout.net/module/end-user-portal/

- https://freescout.net/modules-faq/

- https://github.com/squ1dw3rm/CVE-2023-52268

CVE-2024-10575 - Schneider-Electric EcoStruxure IT Gateway has a missing authorization vulnerability that could cause unauthorized access when enabled on the network, potentially impacting connected devices.

Product: Schneider-Electric EcoStruxure IT Gateway

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-10575

NVD References: https://download.schneider-electric.com/doc/SEVD-2024-317-04/SEVD-2024-317-04.pdf

CVE-2024-21541 - Dom-iterator is vulnerable to Arbitrary Code Execution by using the Function constructor without thorough input sanitization, leading to risks similar to allowing attacker-controlled input to reach eval.

Product: Matthewmueller Dom-Iterator

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-21541

NVD References: https://security.snyk.io/vuln/SNYK-JS-DOMITERATOR-6157199

CVE-2022-45157 - Rancher is storing vSphere CPI and CSI passwords in plaintext, exposing them to potential security risks for users deploying clusters in vSphere environments.

Product: Rancher vSphere

CVSS Score: 9.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2022-45157

NVD References:

- https://bugzilla.suse.com/show_bug.cgi?id=CVE-2022-45157

- https://github.com/rancher/rancher/security/advisories/GHSA-xj7w-r753-vj8v

CVE-2024-48510 - DotNetZip v.1.16.0 and before is susceptible to a Directory Traversal vulnerability, potentially allowing a remote attacker to execute arbitrary code.

Product: Dotnetzip.Semverd_Project Dotnetzip.Semverd

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-48510

NVD References:

- https://gist.github.com/thomas-chauchefoin-bentley-systems/855218959116f870f08857cce2aec731

- https://github.com/haf/DotNetZip.Semverd

- https://github.com/haf/DotNetZip.Semverd/blob/e487179b33a9a0f2631eed5fb04d2c952ea5377a/src/

- https://www.nuget.org/packages/DotNetZip/

CVE-2024-52300 - Macro-pdfviewer is susceptible to XSS attacks through the width parameter, allowing a user with page editing capabilities to compromise the XWiki installation.

Product: Xwiki PDF Viewer Macro

CVSS Score: 9.0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-52300

NVD References: https://github.com/xwikisas/macro-pdfviewer/security/advisories/GHSA-84wx-6vfp-5m6g

CVE-2024-52306 - FileManager allows remote code execution through deserialization of untrusted data from the mimes parameter in versions prior to 3.0.9.

Product: Backpackforlaravel Filemanager

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-52306

NVD References:

- https://github.com/Laravel-Backpack/FileManager/commit/2830498b85e05fb3c92179053b4d7c4a0fdb880b

- https://github.com/Laravel-Backpack/FileManager/security/advisories/GHSA-8237-957h-h2c2

CVE-2024-50306 - Apache Traffic Server is vulnerable to privilege retention on startup due to unchecked return values in versions 9.2.0 through 9.2.5 and 10.0.0 through 10.0.1, prompting users to upgrade to versions 9.2.6 or 10.0.2 for a fix.

Product: Apache Traffic Server

CVSS Score: 9.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-50306

NVD References: https://lists.apache.org/thread/y15fh6c7kyqvzm0f9odw7c5jh4r4np0y

CVE-2024-47208 - Apache OFBiz is vulnerable to SSRF and Code Injection attacks before version 18.12.17, prompting users to upgrade to the latest release for a fix.

Product: Apache OFBiz

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-47208

NVD References:

- https://issues.apache.org/jira/browse/OFBIZ-13158

- https://lists.apache.org/thread/022r19skfofhv3lzql33vowlrvqndh11

- https://ofbiz.apache.org/download.html

- https://ofbiz.apache.org/security.html

CVE-2024-52316 - Apache Tomcat is vulnerable to an Unchecked Error Condition that may allow users to bypass authentication in certain configurations.

Product: Apache Tomcat

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-52316

NVD References: https://lists.apache.org/thread/lopzlqh91jj9n334g02om08sbysdb928

CVE-2024-11209 - Apereo CAS 6.6 has a critical vulnerability in the 2FA component that allows for improper authentication through remote attack initiation, despite vendor notification.

Product: Apereo Central Authentication Service

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-11209

NVD References: https://gist.github.com/0xArthurSouza/281e8ea8a797abc8371a8ced31dc5562

CVE-2024-37285 - Kibana is vulnerable to a deserialization issue that can allow arbitrary code execution under specific Elasticsearch indices and Kibana privileges.

Product: Elastic Kibana

CVSS Score: 9.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-37285

NVD References: https://discuss.elastic.co/t/kibana-8-15-1-security-update-esa-2024-27-esa-2024-28/366119

CVE-2024-50823 & CVE-2024-50833 - KASHIPARA E-learning Management System Project 1.0 SQL Injection Vulnerabilities

Product: Lopalopa E-Learning Management System

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-50823

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-50833

NVD References: https://github.com/m14r41/Writeups/blob/main/CVE/Kashipara/E-learning%20Management%20System%20project/SQL%20Injection%20-%20login%20page.pdf

NVD References: https://github.com/m14r41/Writeups/blob/main/CVE/Kashipara/SQL%20Injection%20-%20admin%20login.pdf

CVE-2024-4343 - The `SagemakerLLM` class's `complete()` method within `./private_gpt/components/llm/custom/sagemaker.py` of the imartinez/privategpt application, versions up to and including 0.3.0, is susceptible to a Python command injection vulnerability that can allow an attacker to execute arbitrary commands on the system hosting the application.

Product: imartinez privategpt

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-4343

NVD References:

- https://github.com/imartinez/privategpt/commit/86368c61760c9cee5d977131d23ad2a3e063cbe9

- https://huntr.com/bounties/1d1e8f06-ec45-4b17-ae24-b83a41304c15

CVE-2024-9832 - Ventilator allows unlimited failed login attempts, potentially enabling unauthorized access and disruption of device function or information disclosure through a brute-force attack.

Product: Medtronic Newport HT70 and HT70 Plus Ventilators

CVSS Score: 9.3

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-9832

NVD References: https://www.cisa.gov/news-events/ics-medical-advisories/icsma-24-319-01

CVE-2024-9834 - Ventilator's serial interface lacks proper data protection, allowing attackers to access and manipulate device settings and leak confidential information.

Product: Medtronic Ventilator

CVSS Score: 9.3

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-9834

NVD References: https://www.cisa.gov/news-events/ics-medical-advisories/icsma-24-319-01

CVE-2024-48966 - The ventilator's software tools lack user authentication, allowing an attacker with access to the Service PC to obtain diagnostic information or manipulate settings without authentication, potentially leading to unauthorized disclosure or unintended impacts on device performance.

Product: Medtronic Ventilator

CVSS Score: 10.0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-48966

NVD References: https://www.cisa.gov/news-events/ics-medical-advisories/icsma-24-319-01

CVE-2024-48967 - The ventilator and Service PC have inadequate audit logging, enabling attackers to modify settings without detection and potentially compromise patient data and device functionality.

Product: Philips Respironics Trilogy ventilator

CVSS Score: 10.0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-48967

NVD References: https://www.cisa.gov/news-events/ics-medical-advisories/icsma-24-319-01

CVE-2024-48970 - The ventilator has a vulnerability where an attacker could access the internal JTAG interface to disrupt its function and potentially disclose sensitive information.

Product: Philips Respironics V60 Ventilator

CVSS Score: 9.3

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-48970

NVD References: https://www.cisa.gov/news-events/ics-medical-advisories/icsma-24-319-01

CVE-2024-48971 - Ventilator's hard-coded Clinician Password and Serial Number Clinician Password could be exploited by attackers to gain unauthorized access with clinician privileges.

Product: Medtronic PB560 Ventilator

CVSS Score: 9.3

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-48971

NVD References: https://www.cisa.gov/news-events/ics-medical-advisories/icsma-24-319-01

CVE-2024-48973 - The ventilator's debug port is enabled by default, potentially exposing sensitive information and allowing for unauthorized access and manipulation of device settings.

Product: Medtronic Ventilator

CVSS Score: 9.3

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-48973

NVD References: https://www.cisa.gov/news-events/ics-medical-advisories/icsma-24-319-01

CVE-2024-48974 - The ventilator is vulnerable to unauthorized changes and compromised functionality due to a lack of proper file integrity checks when adopting firmware updates.

Product: Medtronic Ventilator

CVSS Score: 9.3

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-48974

NVD References: https://www.cisa.gov/news-events/ics-medical-advisories/icsma-24-319-01

CVE-2024-11120 - GeoVision devices are vulnerable to OS Command Injection, allowing remote attackers to execute arbitrary commands, with confirmed reports of exploitation.

Product: GeoVision EOL GeoVision devices

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-11120

NVD References:

- https://www.twcert.org.tw/en/cp-139-8237-26d7a-2.html

- https://www.twcert.org.tw/tw/cp-132-8236-d4836-1.html

CVE-2021-3838 - DomPDF before version 2.0.0 is vulnerable to PHAR deserialization, allowing for remote code execution by passing in the phar:// protocol to unserialize uploaded files.

Product: Dompdf Project

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2021-3838

NVD References:

- https://github.com/dompdf/dompdf/commit/99aeec1efec9213e87098d42eb09439e7ee0bb6a

- https://huntr.com/bounties/0bdddc12-ff67-4815-ab9f-6011a974f48e

CVE-2021-3902 - dompdf/dompdf's SVG parser is vulnerable to XXE, allowing attackers to exploit SSRF and deserialization attacks, affecting all versions before 2.0.0.

Product: Dompdf Project

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2021-3902

NVD References:

- https://github.com/dompdf/dompdf/commit/f56bc8e40be6c0ae0825e6c7396f4db80620b799

- https://huntr.com/bounties/a6071c07-806f-429a-8656-a4742e4191b1

CVE-2022-1884 - Gogs/gogs versions <=0.12.7 on Windows servers are vulnerable to remote command execution through improper validation of the `tree_path` parameter during file uploads.

Product: Gogs

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2022-1884

NVD References: https://huntr.com/bounties/9cd4e7b7-0979-4e5e-9a1c-388b58dea76b

CVE-2024-10443 - Synology BeePhotos and Synology Photos are vulnerable to remote code execution due to improper neutralization of special elements, allowing attackers to execute arbitrary code through unspecified vectors.

Product: Synology Photos

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-10443

NVD References:

- https://www.synology.com/en-global/security/advisory/Synology_SA_24_18

- https://www.synology.com/en-global/security/advisory/Synology_SA_24_19

CVE-2024-10534 - Dataprom Informatics Personnel Attendance Control Systems (PACS) / Access Control Security Systems (ACSS) are vulnerable to Traffic Injection before 2024.

Product: Dataprom Personnel Attendance Control Systems / Access Control Security Systems

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-10534

NVD References: https://www.usom.gov.tr/bildirim/tr-24-1856

CVE-2024-11237 - TP-Link VN020 F3v(T) TT_V6.2.1021 has a critical stack-based buffer overflow vulnerability in its DHCP DISCOVER Packet Parser component, allowing for remote attacks using a manipulated hostname argument.

Product: TP-Link VN020 F3v(T)

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-11237

NVD References:

- https://github.com/Zephkek/TP-Thumper

- https://github.com/Zephkek/TP-Thumper/blob/main/poc.c

- https://www.tp-link.com/

CVE-2023-20154 - Cisco Modeling Labs has a vulnerability in its external authentication mechanism allowing unauthenticated attackers to access the web interface with administrative privileges.

Product: Cisco Modeling Labs

CVSS Score: 9.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-20154

NVD References: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cml-auth-bypass-4fUCCeG5

CVE-2023-20036 - Cisco IND contains a vulnerability in the web UI that could allow an attacker to execute arbitrary commands with administrative privileges on an affected device.

Product: Cisco IND

CVSS Score: 9.9

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-20036

NVD References: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ind-CAeLFk6V

CVE-2024-45970 & CVE-2024-45971 - MZ Automation LibIEC61850 is vulnerable to multiple buffer overflows in the MMS Client, allowing a malicious server to trigger a stack-based buffer overflow through the MMS FileDirResponse message.

Product: MZ Automation LibIEC61850

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-45970

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-45971

NVD References:

- https://encs.eu/news/critical-security-vulnerabilities-discovered-in-mz-automations-mms-client/

- https://github.com/mz-automation/libiec61850/commit/ac925fae8e281ac6defcd630e9dd756264e9c5bc

- https://github.com/mz-automation/libiec61850/commit/1f52be9ddeae00e69cd43e4cac3cb4f0c880c4f0

CVE-2024-10934 - OpenBSD may experience mbuf double free issues and uninitialized variables in NFS client and server implementation.

Product: OpenBSD

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-10934

NVD References:

- https://ftp.openbsd.org/pub/OpenBSD/patches/7.4/common/021_nfs.patch.sig

- https://ftp.openbsd.org/pub/OpenBSD/patches/7.5/common/008_nfs.patch.sig

CVE-2024-11263 - Vulnerable product enables Global Pointer relative addressing, causing the gp reg to point at 0x800 bytes past start of the .sdata section for linker relaxation.

Product: RISC-V

CVSS Score: 9.3

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-11263

NVD References: https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-jjf3-7x72-pqm9

CVE-2023-43091 - GNOME Maps is vulnerable to a code injection attack via its service.json configuration file, allowing for the execution of arbitrary code if the configuration file is malicious.

Product: GNOME Maps

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-43091

NVD References:

- https://bugzilla.redhat.com/show_bug.cgi?id=2239091

- https://gitlab.gnome.org/GNOME/gnome-maps/-/commit/d26cd774d524404ef7784e6808f551de83de4bea

- https://gitlab.gnome.org/GNOME/gnome-maps/-/issues/588

CVE-2015-20111 - Bitcoin Core before 0.12 and other products are vulnerable to buffer overflows due to lack of checks for snprintf return values, potentially leading to significant data leaks and remote code execution.

Product: miniupnp Bitcoin Core

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2015-20111

NVD References:

- https://bitcoincore.org/en/2024/07/03/disclose_upnp_rce/

- https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures

- https://github.com/miniupnp/miniupnp/commit/4c90b87ce3d2517097880279e8c3daa7731100e6

- https://github.com/miniupnp/miniupnp/pull/157

CVE-2024-11311 through CVE-2024-11315 - The DVC from TRCore is vulnerable to path traversal and unrestricted file uploads, allowing remote attackers to upload arbitrary files for potential code execution.

Product: TRCore DVC

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-11311

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-11312

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-11313

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-11314

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-11315

NVD References:

- https://www.twcert.org.tw/en/cp-139-8247-83457-2.html

- https://www.twcert.org.tw/tw/cp-132-8246-d462a-1.html

- https://www.twcert.org.tw/en/cp-139-8249-65252-2.html

- https://www.twcert.org.tw/en/cp-139-8251-3455e-2.html

- https://www.twcert.org.tw/tw/cp-132-8250-1837b-1.html

- https://www.twcert.org.tw/en/cp-139-8253-bc363-2.html

- https://www.twcert.org.tw/tw/cp-132-8252-91d6a-1.html

- https://www.twcert.org.tw/en/cp-139-8255-0bb1a-2.html

- https://www.twcert.org.tw/tw/cp-132-8254-8daa2-1.html

CVE-2024-42383 - Cesanta Mongoose Web Server v7.14 allows attackers to write a NULL byte value beyond the memory space dedicated for the hostname field.

Product: Cesanta Mongoose

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-42383

NVD References: https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2024-42383

CVE-2024-11319 - django-cms Association django-cms is vulnerable to XSS due to improper neutralization of input during web page generation, impacting versions 3.11.7, 3.11.8, 4.1.2, and 4.1.3.

Product: django CMS Association

CVSS Score: 9.6

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-11319

NVD References:

- https://github.com/django-cms/django-cms/commit/241d1cbe47a68f5d271ce4d27ad5e32e2c360ec3

- https://iltosec.com/blog/post/django-cms-413-stored-xss-vulnerability-exploiting-the-page-title-field/

- https://www.django-cms.org/en/blog/2024/11/13/django-cms-security-update/

- https://www.usom.gov.tr/bildirim/tr-24-1859

CVE-2024-47533 - Cobbler has an improper authentication vulnerability in versions 3.0.0 and prior, allowing unauthorized access to the server.

Product: Cobbler

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-47533

NVD References:

- https://github.com/cobbler/cobbler/commit/32c5cada013dc8daa7320a8eda9932c2814742b0

- https://github.com/cobbler/cobbler/commit/e19717623c10b29e7466ed4ab23515a94beb2dda

- https://github.com/cobbler/cobbler/security/advisories/GHSA-m26c-fcgh-cp6h

CVE-2024-50919 - Jpress v5.1.1 allows for arbitrary file uploads and non-standard file format execution on Windows platforms.

Product: JPress

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-50919

NVD References:

- https://gist.github.com/microvorld/516552dcef65acc2d1ab0fb969cd34a3

- https://github.com/JPressProjects/jpress

- https://github.com/microvorld/CVE-2024/blob/main/jpress.md

CVE-2024-51053 - AVSCMS v8.2.0 is vulnerable to arbitrary file upload, allowing attackers to execute arbitrary code by uploading a crafted file.

Product: AVSCMS

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-51053

NVD References: https://binqqer.com/posts/CVE-2024-51053/

CVE-2024-51051 - AVSCMS v8.2.0 was discovered to contain weak default credentials for the Administrator account.

Product: No vendor name provided AVSCMS

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-51051

NVD References:

- https://binqqer.com/posts/CVE-2024-51051/

- https://github.com/avscms/avscms/blob/main/include/config.local.php

CVE-2024-42450 - The Versa Director vulnerability allows unauthenticated attackers to access and administer the database or read local filesystem contents, potentially escalating privileges on the system.

Product: Versa Networks Versa Director

CVSS Score: 10.0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-42450

NVD References: https://security-portal.versa-networks.com/emailbulletins/6735a300415abb89e9a8a9d3

CVE-2024-10820 - The WooCommerce Upload Files plugin for WordPress allows unauthenticated attackers to upload arbitrary files on the affected site's server, leading to potential remote code execution.

Product: Vanquish Woocommerce Upload Files

Active Installations: unknown

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-10820

NVD References:

- https://codecanyon.net/item/woocommerce-upload-files/11442983

- https://www.wordfence.com/threat-intel/vulnerabilities/id/b9371b37-53c5-4a4f-a500-c6d58d4d3c5a?source=cve

CVE-2024-10828 - The Advanced Order Export For WooCommerce plugin for WordPress is vulnerable to PHP Object Injection in all versions up to 3.5.5, allowing unauthenticated attackers to inject a PHP Object and potentially execute remote code.

Product: Algolplus Advanced Order Export For Woocommerce

Active Installations: 100,000+

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-10828

NVD References:

- https://plugins.trac.wordpress.org/browser/woo-order-export-lite/trunk/classes/PHPExcel/Shared/XMLWriter.php#L83

- https://plugins.trac.wordpress.org/browser/woo-order-export-lite/trunk/classes/core/trait-woe-core-extractor.php#L996

- https://www.wordfence.com/threat-intel/vulnerabilities/id/a1c6eed6-7b3f-4b37-85f8-6613527daa54?source=cve

CVE-2024-11150 - The WordPress User Extra Fields plugin is vulnerable to arbitrary file deletion leading to possible remote code execution.

Product: Vanquish User Extra Fields

Active Installations: unknown

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-11150

NVD References:

- https://codecanyon.net/item/user-extra-fields/12949844

- https://www.wordfence.com/threat-intel/vulnerabilities/id/ad39d797-9230-41d9-a335-864845b56aa0?source=cve

CVE-2024-11028 - The MultiManager WP plugin for WordPress is vulnerable to Authentication Bypass, allowing unauthenticated attackers to impersonate any existing user up to version 1.0.5.

Product: Icdsoft Multimanager WP

Active Installations: 1,000+

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-11028

NVD References:

- https://plugins.trac.wordpress.org/changeset/3184657/multimanager-wp

- https://plugins.trac.wordpress.org/changeset/3184678/multimanager-wp

- https://plugins.trac.wordpress.org/changeset/3184826/multimanager-wp

- https://www.wordfence.com/threat-intel/vulnerabilities/id/de8e7adc-3777-4fb1-a708-68da950e3d4f?source=cve

CVE-2024-10571 - The Chartify WordPress Chart Plugin is vulnerable to Local File Inclusion up to version 2.9.5, allowing unauthenticated attackers to execute arbitrary files on the server and potentially access sensitive data or gain code execution.

Product: Ays-Pro Chartify

Active Installations: 2,000+

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-10571

NVD References:

- https://plugins.trac.wordpress.org/browser/chart-builder/tags/2.9.6/admin/partials/charts/actions/chart-builder-charts-actions-options.php?rev=3184238

- https://www.wordfence.com/threat-intel/vulnerabilities/id/d4837258-c749-4194-926c-22b67e20c1fc?source=cve

CVE-2024-10924 - The Really Simple Security plugins for WordPress are vulnerable to authentication bypass in versions 9.0.0 to 9.1.1.1, allowing unauthenticated attackers to log in as any existing user on the site.

Product: Really Simple Plugins Really Simple Security

Active Installations: 4+ million

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-10924

NVD References:

- https://plugins.trac.wordpress.org/browser/really-simple-ssl/tags/9.1.1.1/security/wordpress/two-fa/class-rsssl-two-factor-on-board-api.php#L277

- https://plugins.trac.wordpress.org/browser/really-simple-ssl/tags/9.1.1.1/security/wordpress/two-fa/class-rsssl-two-factor-on-board-api.php#L278

- https://plugins.trac.wordpress.org/browser/really-simple-ssl/tags/9.1.1.1/security/wordpress/two-fa/class-rsssl-two-factor-on-board-api.php#L67

- https://plugins.trac.wordpress.org/changeset/3188431/really-simple-ssl

- https://www.wordfence.com/blog/2024/11/really-simple-security-vulnerability/

- https://www.wordfence.com/threat-intel/vulnerabilities/id/7d5d05ad-1a7a-43d2-bbbf-597e975446be?source=cve

CVE-2024-8856 - The Backup and Staging by WP Time Capsule plugin for WordPress allows unauthenticated attackers to upload arbitrary files and potentially execute remote code due to missing file type validation and direct file access prevention.

Product: WP Time Capsule Backup and Staging

Active Installations: 20,000+

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-8856

NVD References:

- https://plugins.trac.wordpress.org/browser/wp-time-capsule/trunk/wp-tcapsule-bridge/upload/php/UploadHandler.php

- https://plugins.trac.wordpress.org/changeset/3188325/

- https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3153289%40wp-time-capsule&new=3153289%40wp-time-capsule&sfp_email=&sfph_mail=

- https://www.wordfence.com/threat-intel/vulnerabilities/id/fdc2de78-5601-461f-b2f0-c80b592ccb1b?source=cve

CVE-2024-52372 - WebTechGlobal Easy CSV Importer BETA allows for unrestricted upload of dangerous file types, putting web servers at risk of being compromised by uploading web shells.

Product: WebTechGlobal Easy CSV Importer BETA

Active Installations: unknown

CVSS Score: 10.0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-52372

NVD References: https://patchstack.com/database/vulnerability/easy-csv-importer/wordpress-easy-csv-importer-plugin-7-0-0-arbitrary-file-upload-vulnerability?_s_id=cve

CVE-2024-52373 - Devexhub Gallery allows unrestricted upload of dangerous file types, enabling malicious users to upload a web shell to a web server.

Product: Team Devexhub Gallery

Active Installations: This plugin has been closed as of November 8, 2024 and is not available for download. This closure is temporary, pending a full review.

CVSS Score: 10.0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-52373

NVD References: https://patchstack.com/database/vulnerability/devexhub-gallery/wordpress-devexhub-gallery-plugin-2-0-1-arbitrary-file-upload-vulnerability?_s_id=cve

CVE-2024-52374 - Do That Task allows for the unrestricted upload of dangerous file types, posing a risk of uploading a web shell to a web server.

Product: DoThatTask Do That Task

Active Installations: unknown

CVSS Score: 10.0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-52374

NVD References: https://patchstack.com/database/vulnerability/do-that-task/wordpress-do-that-task-plugin-1-5-5-arbitrary-file-upload-vulnerability?_s_id=cve

CVE-2024-52375 - Arttia Creative Datasets Manager by Arttia Creative allows for unrestricted upload of files with dangerous types, making it vulnerable from n/a through 1.5.

Product: Arttia Creative Datasets Manager

Active Installations: unknown

CVSS Score: 10.0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-52375

NVD References: https://patchstack.com/database/vulnerability/datasets-manager-by-arttia-creative/wordpress-datasets-manager-by-arttia-creative-plugin-1-5-arbitrary-file-upload-vulnerability?_s_id=cve

CVE-2024-52376 - Boat Rental Plugin for WordPress allows unrestricted upload of dangerous file types, enabling attackers to upload web shells to a web server.

Product: cmsMinds Boat Rental Plugin

Active Installations: unknown

CVSS Score: 10.0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-52376

NVD References: https://patchstack.com/database/vulnerability/boat-rental-system/wordpress-boat-rental-plugin-for-wordpress-plugin-1-0-1-arbitrary-file-upload-vulnerability?_s_id=cve

CVE-2024-52379 - kineticPay for WooCommerce allows for unrestricted upload of dangerous file types, potentially enabling the upload of a web shell to a web server.

Product: Kinetic Innovative Technologies Sdn Bhd kineticPay for WooCommerce

Active Installations: unknown

CVSS Score: 10.0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-52379

NVD References: https://patchstack.com/database/vulnerability/kineticpay-for-woocommerce/wordpress-kineticpay-for-woocommerce-plugin-2-0-8-arbitrary-file-upload-vulnerability?_s_id=cve

CVE-2024-52380 - Picsmize by Softpulse Infotech allows attackers to upload a web shell onto a web server due to a vulnerability in file upload functionality.

Product: Softpulse Infotech Picsmize

Active Installations: unknown

CVSS Score: 10.0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-52380

NVD References: https://patchstack.com/database/vulnerability/picsmize/wordpress-picsmize-plugin-1-0-0-arbitrary-file-upload-vulnerability?_s_id=cve

CVE-2024-52382 - Matix Popup Builder by Medma Technologies allows Privilege Escalation through Missing Authorization, affecting versions from n/a to 1.0.0.

Product: Medma Technologies Matix Popup Builder

Active Installations: unknown

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-52382

NVD References: https://patchstack.com/database/vulnerability/medma-matix/wordpress-matix-popup-builder-plugin-1-0-0-arbitrary-option-update-to-privilege-escalation-vulnerability?_s_id=cve

CVE-2024-52384 - Sage AI: Chatbots, OpenAI GPT-4 Bulk Articles, Dalle-3 Image Generation allows unrestricted upload of dangerous file types, enabling attackers to upload a web shell to a web server.

Product: Sage AI: Chatbots, OpenAI GPT-4 Bulk Articles, Dalle-3 Image Generation

Active Installations: This plugin has been closed as of November 6, 2024 and is not available for download. This closure is temporary, pending a full review.

CVSS Score: 9.9

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-52384

NVD References: https://patchstack.com/database/vulnerability/ai-content-generator/wordpress-sage-ai-chatbots-openai-gpt-4-bulk-articles-dalle-3-image-generation-plugin-2-4-9-arbitrary-file-upload-vulnerability?_s_id=cve

CVE-2024-52393 - Podlove Podcast Publisher is vulnerable to improper neutralization of special elements used in a template engine, impacting versions from n/a through 4.1.15.

Product: Podlove Podcast Publisher

Active Installations: 5,000+

CVSS Score: 9.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-52393

NVD References: https://patchstack.com/database/vulnerability/podlove-podcasting-plugin-for-wordpress/wordpress-podlove-podcast-publisher-plugin-4-1-15-admin-remote-code-execution-rce-vulnerability?_s_id=cve

CVE-2024-52369 - Optimal Access Inc. KBucket allows attackers to upload a malicious web shell to a web server due to an unrestricted file upload vulnerability.

Product: Optimal Access Inc. KBucket

Active Installations: unknown

CVSS Score: 9.9

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-52369

NVD References: https://patchstack.com/database/vulnerability/kbucket/wordpress-kbucket-plugin-4-1-6-arbitrary-file-upload-vulnerability?_s_id=cve

CVE-2024-52399 - Clarisse K. Writer Helper allows unrestricted file upload of dangerous types, potentially enabling attackers to upload a web shell onto a web server.

Product: Clarisse Writer Helper

Active Installations: unknown

CVSS Score: 9.9

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-52399

NVD References: https://patchstack.com/database/vulnerability/writer-helper/wordpress-writer-helper-plugin-3-1-6-arbitrary-file-upload-vulnerability?_s_id=cve

CVE-2024-52400 - Gallerio allows unrestricted upload of dangerous file types, enabling attackers to upload a web shell to a web server, impacting versions from n/a through 1.01.

Product: Subhasis Laha Gallerio

Active Installations: unknown

CVSS Score: 9.9

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-52400

NVD References: https://patchstack.com/database/vulnerability/gallerio/wordpress-gallerio-plugin-1-01-arbitrary-file-upload-vulnerability?_s_id=cve

CVE-2024-52403 - WPExperts User Management is vulnerable to unrestricted upload of dangerous file types, allowing attackers to upload web shells onto a web server from version n/a through 1.1.

Product: WPExperts User Management

Active Installations: This plugin has been closed as of November 4, 2024 and is not available for download. This closure is temporary, pending a full review.

CVSS Score: 9.9

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-52403

NVD References: https://patchstack.com/database/vulnerability/user-management/wordpress-user-management-plugin-1-1-arbitrary-file-upload-vulnerability?_s_id=cve

CVE-2024-52404 - Bigfive CF7 Reply Manager allows for the unrestricted upload of files with dangerous types, affecting versions n/a through 1.2.3.

Product: Bigfive CF7 Reply Manager

Active Installations: unknown

CVSS Score: 9.9

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-52404

NVD References: https://patchstack.com/database/vulnerability/cf7-reply-manager/wordpress-cf7-reply-manager-plugin-1-2-3-arbitrary-file-upload-vulnerability?_s_id=cve

CVE-2024-52405 - B-Banner Slider allows unrestricted upload of dangerous file types, enabling attackers to upload a web shell to a web server.

Product: Bikram Joshi B-Banner Slider

Active Installations: unknown

CVSS Score: 9.9

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-52405

NVD References: https://patchstack.com/database/vulnerability/b-banner-slider/wordpress-b-banner-slider-plugin-1-1-arbitrary-file-upload-vulnerability?_s_id=cve

CVE-2024-52406 - Wibergs Web CSV to html allows unauthorized upload of dangerous files, posing a risk of web shell installation on the server from version n/a through 3.04.

Product: Wibergs Web CSV to html

Active Installations: unknown

CVSS Score: 9.9

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-52406

NVD References: https://patchstack.com/database/vulnerability/csv-to-html/wordpress-csv-to-html-plugin-3-04-arbitrary-file-upload-vulnerability?_s_id=cve

CVE-2024-52407 - BasePress Migration Tools allows for unrestricted upload of dangerous file types that could potentially lead to a web server being compromised.

Product: codeSavory BasePress Migration Tools

Active Installations: unknown

CVSS Score: 9.9

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-52407

NVD References: https://patchstack.com/database/vulnerability/basepress-migration-tools/wordpress-basepress-migration-tools-plugin-1-0-0-arbitrary-file-upload-vulnerability?_s_id=cve

CVE-2024-52408 - Push Notifications for WordPress by PushAssist allows unauthorized users to upload dangerous files, potentially leading to the execution of malicious code on the web server.

Product: PushAssist Team PushAssist Push Notifications for WordPress

Active Installations: unknown

CVSS Score: 9.9

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-52408

NVD References: https://patchstack.com/database/vulnerability/push-notification-for-wp-by-pushassist/wordpress-push-notifications-for-wordpress-by-pushassist-plugin-3-0-8-arbitrary-file-upload-vulnerability?_s_id=cve

CVE-2024-52409 - AJAX Random Posts is vulnerable to Deserialization of Untrusted Data, allowing Object Injection through version 0.3.3.

Product: Phan An AJAX Random Posts

Active Installations: unknown

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-52409

NVD References: https://patchstack.com/database/vulnerability/ajax-random-posts/wordpress-ajax-random-posts-plugin-0-3-3-php-object-injection-vulnerability?_s_id=cve

CVE-2024-52410 - Deserialization of Untrusted Data vulnerability in Phoenixheart Referrer Detector allows Object Injection. This issue affects Referrer Detector: from n/a through 4.2.1.0.

Product: Phoenixheart Referrer Detector

Active Installations: unknown

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-52410

NVD References: https://patchstack.com/database/vulnerability/referrer-detector/wordpress-referrer-detector-plugin-4-2-1-0-php-object-injection-vulnerability?_s_id=cve

CVE-2024-52411 - Flowcraft UX Design Studio Advanced Personalization is vulnerable to Object Injection through the deserialization of untrusted data, affecting versions from n/a to 1.1.2.

Product: Flowcraft UX Design Studio Advanced Personalization

Active Installations: unknown

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-52411

NVD References: https://patchstack.com/database/vulnerability/personalization-by-flowcraft/wordpress-advanced-personalization-plugin-1-1-2-php-object-injection-vulnerability?_s_id=cve

CVE-2024-52412 - Deserialization of Untrusted Data vulnerability in Stephen Cui Xin allows Object Injection. This issue affects Xin: from n/a through 1.0.8.1.

Product: Stephen Cui Xin

Active Installations: unknown

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-52412

NVD References: https://patchstack.com/database/vulnerability/xin/wordpress-xin-theme-1-0-8-1-php-object-injection-vulnerability?_s_id=cve

CVE-2024-52414 - Anthony Carbon WDES Responsive Mobile Menu is vulnerable to deserialization of untrusted data, allowing object injection from n/a through 5.3.18.

Product: Anthony Carbon WDES Responsive Mobile Menu

Active Installations: unknown

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-52414

NVD References: https://patchstack.com/database/vulnerability/wdes-responsive-mobile-menu/wordpress-wdes-responsive-mobile-menu-plugin-5-3-18-php-object-injection-vulnerability?_s_id=cve

CVE-2024-52416 - Eugen Bobrowski Debug Tool allows unauthorized uploading of a web shell to a web server, impacting versions from n/a through 2.2.

Product: Eugen Bobrowski Debug Tool

Active Installations: unknown

CVSS Score: 10.0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-52416

NVD References: https://patchstack.com/database/vulnerability/debug-tool/wordpress-debug-tool-plugin-2-2-remote-code-execution-vulnerability?_s_id=cve

CVE-2024-52397 - Davor Zeljkovic Convert Docx2post allows malicious users to upload a web shell on a web server, putting it at risk of unauthorized access.

Product: Davor Zeljkovic Convert Docx2post

Active Installations: unknown

CVSS Score: 9.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-52397

NVD References: https://patchstack.com/database/vulnerability/convert-docx2post/wordpress-convert-docx2post-plugin-1-4-arbitrary-file-upload-vulnerability?_s_id=cve

CVE-2024-52427 - Saso Nikolov Event Tickets with Ticket Scanner, versions 2.3.11 and earlier, is vulnerable to Server Side Include (SSI) Injection due to improper neutralization of special elements in the template engine, potentially exposing sensitive information.

Product: Saso Nikolov Event Tickets with Ticket Scanner

Active Installations: 1,000+

CVSS Score: 9.9

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-52427

NVD References: https://patchstack.com/database/vulnerability/event-tickets-with-ticket-scanner/wordpress-event-tickets-with-ticket-scanner-plugin-2-3-11-remote-code-execution-rce-vulnerability?_s_id=cve

CVE-2024-52429 - Anton Hoelstad WP Quick Setup allows unrestricted upload of dangerous file types, potentially enabling attackers to upload web shells to vulnerable web servers.

Product: Anton Hoelstad WP Quick Setup

Active Installations: unknown

CVSS Score: 9.9

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-52429

NVD References: https://patchstack.com/database/vulnerability/wp-quick-setup/wordpress-wp-quick-setup-plugin-2-0-arbitrary-plugin-and-theme-installation-to-remote-code-execution-vulnerability?_s_id=cve

CVE-2024-52430 - Lis Video Gallery is vulnerable to Deserialization of Untrusted Data, allowing Object Injection from n/a through 0.2.1.

Product: Lis Video Gallery

Active Installations: unknown

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-52430

NVD References: https://patchstack.com/database/vulnerability/lis-video-gallery/wordpress-lis-video-gallery-plugin-0-2-1-php-object-injection-vulnerability?_s_id=cve

CVE-2024-52431 - Pressaholic WordPress Video Robot - The Ultimate Video Importer is vulnerable to SQL Injection from version n/a through 1.20.0.

Product: Pressaholic WordPress Video Robot

Active Installations: unknown

CVSS Score: 9.3

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-52431

NVD References: https://patchstack.com/database/vulnerability/wp-video-robot/wordpress-wp-video-robot-plugin-1-20-0-sql-injection-vulnerability?_s_id=cve

CVE-2024-52434 - Popup by Supsystic is vulnerable to Command Injection due to improper neutralization of special elements in the template engine, affecting versions from n/a through 1.10.29.

Product: Popup by Supsystic

Active Installations: 10,000+

CVSS Score: 9.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-52434

NVD References: https://patchstack.com/database/vulnerability/popup-by-supsystic/wordpress-popup-by-supsystic-plugin-1-10-29-remote-code-execution-rce-vulnerability?_s_id=cve

CVE-2024-52401 - Hacklog DownloadManager allows a Web Shell to be uploaded to a Web Server via a Cross-Site Request Forgery (CSRF) vulnerability.

Product: Hacklog DownloadManager

Active Installations: unknown

CVSS Score: 9.6

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-52401

NVD References: https://patchstack.com/database/vulnerability/hacklog-downloadmanager/wordpress-hacklog-downloadmanager-plugin-2-1-4-csrf-to-arbitrary-file-upload-vulnerability?_s_id=cve

CVE-2024-52402 - Exclusive Content Password Protect in Cliconomics is vulnerable to CSRF, allowing an attacker to upload a web shell to a web server.

Product: Cliconomics Exclusive Content Password Protect

Active Installations: unknown

CVSS Score: 9.6

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-52402

NVD References: https://patchstack.com/database/vulnerability/exclusive-content-password-protect/wordpress-exclusive-content-password-protect-plugin-1-1-0-csrf-to-arbitrary-file-upload-vulnerability?_s_id=cve