@RISK: The Consensus Security Vulnerability Alert: Vol. 25, Num. 40

@RISK®: The Consensus Security Vulnerability Alert
October 16, 2025 – Vol. 25, Num. 40

CONTENTS:
=========================================================
INTERNET STORM CENTER SPOTLIGHT
OTHER INTERNET STORM CENTER ENTRIES
RECENT CVEs
=========================================================

INTERNET STORM CENTER SPOTLIGHT
ISC provides a free analysis and warning service to thousands of Internet users and organizations, and is actively working with Internet Service Providers to fight back against the most malicious attackers. https://isc.sans.edu/about.html

Microsoft Patch Tuesday October 2025
Published: 2025-10-14
Last Updated: 2025-10-14 17:55:39 UTC
by Johannes Ullrich (Version: 1)

I am experimenting today with a little bit of a cleaned-up patch overview. I removed vulnerabilities that affect Microsoft’s cloud systems (but appreciate Microsoft listing them at all), as well as vulnerabilities in third-party software like open source libraries. This should leave us with Microsoft-specific on-premises vulnerabilities. This month, this leaves 157 different vulnerabilities. Eight of the vulnerabilities are rated critical.

This month, Microsoft is discontinuing support for a number of different products:

Windows 10
Office 2016
Exchange Server 2016
Office 2019
Exchange Server 2019

Office and Exchange users are directed towards cloud and subscription offerings. For Office, you still have Office 2024 available if you would rather “own” the product. For Exchange, the Exchange Server Subscription Edition is available as of July.

Windows 10 users will have the option to sign up for “Extended Security Updates” (ESU). It has been offered as a low-cost alternative to retain security updates, and in some countries, it is offered for free …

Read the full entry: https://isc.sans.edu/diary/Microsoft+Patch+Tuesday+October+2025/32368/

[Guest Diary] Building Better Defenses: RedTail Observations from a Honeypot
Published: 2025-10-09
Last Updated: 2025-10-09 03:24:19 UTC
by Jin Quan Low, SANS.edu BACS Student (Version: 1)

[This is a Guest Diary by Jin Quan Low, an ISC intern as part of the SANS.edu Bachelor’s Degree in Applied Cybersecurity (BACS) program.]

Ransomware is often the first word that comes to mind when we think about cybercriminals chasing financial gain. It barges in, locks files, drops ransom notes, and causes immediate disruption.

Cryptojacking, on the other hand, acts like a quiet trespasser. It slips in unnoticed, makes itself at home, and hijacks computing resources in the background to mine cryptocurrency while the victim stays unaware. Because it rarely causes disruptions, cryptojacking does not get the same level of attention as ransomware.

Over the past three months, my DShield honeypot captured repeated attempts to deploy RedTail, a cryptojacking malware first observed in early 2024. RedTail targets Monero cryptocurrency, typically gaining access through brute-forced SSH logins or exploiting vulnerabilities and deploying scripts to establish persistence and launch mining processes. The activity observed showed that compromises can extend beyond simple cryptomining, making RedTail a relevant case study for defenders.

Mapping Attacks to MITRE ATT&CK Tactics, Techniques and Procedures (TTPs)
Malware IOCs are very useful for quick detection, but they can be easily invalidated. Attackers only need to change part of their code, and those indicators lose all value. RedTail malware is no exception: researchers had already detected different hashes of the same malware.

TTPs, on the other hand, rarely change and can be leveraged to detect similar threat behaviours. Hence, the observed attack involving RedTail malware will be mapped to the MITRE ATT&CK framework and how we can better defend ourselves …

Read the full entry: https://isc.sans.edu/diary/Guest+Diary+Building+Better+Defenses+RedTail+Observations+from+a+Honeypot/32312/

OTHER INTERNET STORM CENTER ENTRIES
Clipboard Pictures Exfiltration in Python Infostealer (2025.10.15)
https://isc.sans.edu/diary/Clipboard+Pictures+Exfiltration+in+Python+Infostealer/32372/
Heads Up: Scans for ESAFENET CDG V5 (2025.10.13)
https://isc.sans.edu/diary/Heads+Up+Scans+for+ESAFENET+CDG+V5/32364/
Wireshark 4.4.10 and 4.6.0 Released (2025.10.12)
https://isc.sans.edu/diary/Wireshark+4410+and+460+Released/32358/

RECENT CVEs
The list is assembled by pulling recent vulnerabilities from NIST NVD, Microsoft, Twitter mentions of vulnerabilities, ISC Diaries and Podcast, and the CISA list of known exploited vulnerabilities. There are also some unscored, but significant, vulnerabilities at the end. This includes vulnerabilities that have not been added to the NVD yet.

CVE-2025-57819 – FreePBX is vulnerable to unauthenticated access and remote code execution due to insufficient data sanitization, patched in versions 15.0.66, 16.0.89, and 17.0.3.
Product: FreePBX 15, 16, and 17
CVSS Score: 0
** KEV since 2025-08-29 **
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-57819
ISC Podcast: https://isc.sans.edu/podcastdetail/9646

CVE-2025-24990 – Agere Modem driver has a vulnerability; the driver will be removed in an upcoming update, resulting in non-functioning fax modem hardware on Windows.
Product: Microsoft Agere Modem driver
CVSS Score: 7.8
** KEV since 2025-10-14 **
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-24990
ISC Diary: https://isc.sans.edu/diary/32368
NVD References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24990

CVE-2025-24052 – Agere Modem driver has a vulnerability; the driver will be removed in an upcoming update, resulting in non-functioning fax modem hardware on Windows.
Product: Microsoft Agere Modem driver
CVSS Score: 7.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-24052
ISC Diary: https://isc.sans.edu/diary/32368
NVD References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24052

CVE-2025-59230 – Improper access control in Windows Remote Access Connection Manager allows an authorized attacker to elevate privileges locally.
Product: Microsoft Windows Remote Access Connection Manager
CVSS Score: 7.8
** KEV since 2025-10-14 **
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-59230
ISC Diary: https://isc.sans.edu/diary/32368
NVD References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59230

CVE-2016-7836 – SKYSEA Client View Ver.11.221.03 and earlier is vulnerable to remote code execution due to a flaw in processing authentication on the TCP connection.
Product: Skygroup Skysea_Client_View
CVSS Score: 0
** KEV since 2025-10-14 **
NVD: https://nvd.nist.gov/vuln/detail/CVE-2016-7836

CVE-2025-49708 – Use after free in Microsoft Graphics Component allows an authorized attacker to elevate privileges over a network.
Product: Microsoft Graphics Component
CVSS Score: 9.9
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-49708
ISC Diary: https://isc.sans.edu/diary/32368
NVD References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49708

CVE-2025-55315 – ASP.NET Core allows an authorized attacker to bypass a security feature over a network due to inconsistent interpretation of HTTP requests.
Product: Microsoft ASP.NET Core
CVSS Score: 9.9
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-55315
ISC Diary: https://isc.sans.edu/diary/32368
NVD References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-55315

CVE-2025-59287 – Deserialization of untrusted data in Windows Server Update Service allows an unauthorized attacker to execute code over a network.
Product: Microsoft Windows Server Update Service
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-59287
ISC Diary: https://isc.sans.edu/diary/32368
NVD References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59287

CVE-2025-0603 – Callvision Emergency Code before V3.0 is vulnerable to SQL Injection and Blind SQL Injection.
Product: Callvision Healthcare Callvision Emergency Code
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-0603
NVD References: https://www.usom.gov.tr/bildirim/tr-25-0320

CVE-2025-25009 – Improper Neutralization of Input During Web Page Generation in Kibana can lead to Stored XSS via case file upload.
Product: Kibana
CVSS Score: 8.7
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-25009
ISC Podcast: https://isc.sans.edu/podcastdetail/9646
NVD References: https://discuss.elastic.co/t/kibana-8-18-8-8-19-5-9-0-8-and-9-1-5-security-update-esa-2025-20/382449

CVE-2025-52021 – PuneethReddyHC Online Shopping System Advanced 1.0 has a SQL Injection vulnerability in the edit_product.php file due to unsafe handling of the product_id GET parameter.
Product: PuneethReddyHC Online Shopping System Advanced 1.0
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-52021

CVE-2025-3450 – Improper Resource Locking vulnerability in B&R Industrial Automation Automation Runtime. This issue affects Automation Runtime: from 6.0 before 6.3, before Q4.93.
Product: B&R Industrial Automation Automation Runtime
CVSS Score: 10.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-3450
NVD References: https://www.br-automation.com/fileadmin/SA25P002-f6a69e61.pdf

CVE-2025-44823 – Nagios Log Server allows authenticated users to retrieve cleartext administrative API keys via a specific API call, GL:NLS#475.
Product: Nagios Log Server
CVSS Score: 9.9
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-44823

CVE-2025-11418 – Tenda CH22 up to 1.0.0.1 is vulnerable to a remote stack-based buffer overflow in function formWrlsafeset of the HTTP Request Handler component.
Product: Tenda CH22
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-11418

CVE-2025-11423 – Tenda CH22 1.0.0.1 is vulnerable to remote memory corruption due to improper handling of user input in the formSafeEmailFilter function within the /goform/SafeEmailFilter file.
Product: Tenda CH22
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-11423

CVE-2025-53967 – Framelink Figma MCP Server before 0.6.3 is vulnerable to remote command execution due to inadequate sanitization of input in HTTP POST requests.
Product: Framelink Figma MCP Server
CVSS Score: 8.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-53967
ISC Podcast: https://isc.sans.edu/podcastdetail/9648

CVE-2025-61913 – Flowise allows authenticated attackers to read and write arbitrary files to any path in the file system, potentially leading to remote command execution.
Product: Flowise
CVSS Score: 9.9
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-61913

CVE-2025-11539 – Grafana Image Renderer is vulnerable to remote code execution through an arbitrary file write vulnerability, allowing an attacker to save a shared object to an arbitrary location that is then loaded by the Chromium process.
Product: Grafana grafana-image-renderer
CVSS Score: 9.9
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-11539
NVD References: https://grafana.com/security/security-advisories/cve-2025-11539/

CVE-2025-56683 – Logseq v0.10.9 is vulnerable to a cross-site scripting (XSS) attack in the /app/marketplace.html component, enabling arbitrary code execution by injecting malicious Javascript into a specially designed README.md file.
Product: Logseq v0.10.9
CVSS Score: 9.6
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-56683

CVE-2025-10283 – BBOT’s gitdumper module could be abused to execute commands through a malicious git repository.
Product: BBOT gitdumper module
CVSS Score: 9.6
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-10283

CVE-2025-10284 – BBOT’s unarchive module is vulnerable to exploitation through malicious archive files, allowing for remote code execution via arbitrary file write.
Product: BBOT unarchive module
CVSS Score: 9.6
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-10284

CVE-2025-59978 – Juniper Networks Junos Space is vulnerable to Cross-site Scripting, allowing an attacker to execute commands as an admin on affected versions before 24.1R4.
Product: Juniper Networks Junos Space
CVSS Score: 9.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-59978

CVE-2025-60316 – SourceCodester Pet Grooming Management Software 1.0 is vulnerable to SQL Injection in admin/view_customer.php via the ID parameter.
Product: SourceCodester Pet Grooming Management Software
CVSS Score: 9.4
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-60316

CVE-2025-35050 – Newforma Info Exchange (NIX) vulnerability allows unauthenticated remote attackers to execute arbitrary code on the system with elevated privileges.
Product: Newforma Project Center Server
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-35050

CVE-2025-35051 – Newforma Project Center Server (NPCS) accepts serialized .NET data via the ‘/ProjectCenter.rem’ endpoint on 9003/tcp, allowing a remote, unauthenticated attacker to execute arbitrary code with ‘NT AUTHORITY\NetworkService’ privileges.
Product: Newforma Project Center Server (NPCS)
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-35051

CVE-2025-59218 – Azure Entra ID Elevation of Privilege Vulnerability
Product: Microsoft Azure Entra ID
CVSS Score: 9.6
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-59218
NVD References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59218

CVE-2025-59246 – Azure Entra ID Elevation of Privilege Vulnerability
Product: Microsoft Azure Entra ID
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-59246
NVD References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59246

CVE-2025-60269 – JEEWMS 20250820 is vulnerable to SQL Injection in the exportXls function located in the src/main/java/org/jeecgframework/web/cgreport/controller/excel/CgExportExcelController.java file.
Product: JEEWMS 20250820
CVSS Score: 9.4
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-60269

CVE-2025-60306 – code-projects Simple Car Rental System 1.0 allows low privilege users to impersonate high privilege users and access sensitive information.
Product: code-projects Simple Car Rental System
CVSS Score: 9.9
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-60306

CVE-2025-61929 – Cherry Studio desktop client is vulnerable to remote code execution attacks when processing `cherrystudio://` URLs, allowing for potential compromise of user systems.
Product: Cherry Studio
CVSS Score: 9.6
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-61929

CVE-2025-61884 – Oracle Configurator in Oracle E-Business Suite (Runtime UI component) versions 12.2.3-12.2.14 is vulnerable to an easily exploitable flaw allowing unauthorized access to critical data or complete control over all accessible data.
Product: Oracle E-Business Suite
CVSS Score: 7.5
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-61884
ISC Podcast: https://isc.sans.edu/podcastdetail/9652
NVD References: https://www.oracle.com/security-alerts/alert-cve-2025-61884.html

CVE-2025-9976 – Station Launcher App in 3DEXPERIENCE platform from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2025x is vulnerable to OS Command Injection, enabling attackers to run arbitrary code on the user’s system.
Product: 3DEXPERIENCE Station Launcher App
CVSS Score: 9.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-9976

CVE-2025-6919 – Aykome License Tracking System before Version dated 06.10.2025 is vulnerable to SQL Injection.
Product: Cats Information Technology Aykome License Tracking System
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-6919

CVE-2025-37729 – Elastic Cloud Enterprise (ECE) is vulnerable to data exfiltration and command execution by a malicious actor with Admin access through improperly neutralized special elements in its template engine.
Product: Elastic Elastic Cloud Enterprise (ECE)
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-37729
NVD References: https://discuss.elastic.co/t/elastic-cloud-enterprise-ece-3-8-2-and-4-0-2-security-update-esa-2025-21/382641

CVE-2025-42910 – SAP Supplier Relationship Management is vulnerable to arbitrary file uploads, allowing attackers to potentially execute malicious code and significantly compromise system security.
Product: SAP Supplier Relationship Management
CVSS Score: 9.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-42910

CVE-2025-42937 – SAPSprint allows unauthenticated attackers to overwrite system files by traversing to parent directories, compromising confidentiality, integrity, and availability.
Product: SAP Print Service (SAPSprint)
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-42937

CVE-2025-46581 – ZTE’s ZXCDN product is susceptible to a Struts remote code execution vulnerability allowing unauthenticated attackers to execute commands remotely.
Product: ZTE ZXCDN
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-46581

CVE-2025-40765 – TeleControl Server Basic V3.1 (All versions >= V3.1.2.2 < V3.1.2.3) is vulnerable to an information disclosure flaw that allows unauthenticated remote attackers to access password hashes and perform authenticated actions in the database service.
Product: TeleControl Server Basic V3.1
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-40765
NVD References: https://cert-portal.siemens.com/productcert/html/ssa-062309.html

CVE-2025-40771 – SIMATIC CP 1542SP-1, SIMATIC CP 1542SP-1 IRC, SIMATIC CP 1543SP-1, SIPLUS ET 200SP CP 1542SP-1 IRC TX RAIL, SIPLUS ET 200SP CP 1543SP-1 ISEC, and SIPLUS ET 200SP CP 1543SP-1 ISEC TX RAIL devices are vulnerable to unauthorized configuration data access due to a lack of proper authentication.
Product: Siemens SIMATIC CP 1542SP-1, SIMATIC CP 1542SP-1 IRC, SIMATIC CP 1543SP-1, SIPLUS ET 200SP CP 1542SP-1 IRC TX RAIL, SIPLUS ET 200SP CP 1543SP-1 ISEC, SIPLUS ET 200SP CP 1543SP-1 ISEC TX RAIL
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-40771
NVD References: https://cert-portal.siemens.com/productcert/html/ssa-486936.html

CVE-2025-10610 – Winsure allows Blind SQL Injection through Version dated 21.08.2025.
Product: SFS Consulting Information Processing Industry and Foreign Trade Inc. Winsure
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-10610

CVE-2025-49553 – Adobe Connect versions 12.9 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability allowing attackers to execute malicious scripts in a victim’s browser.
Product: Adobe Connect
CVSS Score: 9.3
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-49553
NVD References: https://helpx.adobe.com/security/products/connect/apsb25-70.html

CVE-2025-11371 – Gladinet CentreStack and TrioFox versions prior to 16.7.10368.56560 have an unauthenticated Local File Inclusion Flaw allowing for disclosure of system files.
Product: Gladinet CentreStack
CVSS Score: 6.2
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-11371
ISC Podcast: https://isc.sans.edu/podcastdetail/9652
NVD References: https://www.huntress.com/blog/gladinet-centrestack-triofox-local-file-inclusion-flaw

CVE-2025-59489 – Unity Runtime before 2025-10-02 allows argument injection on Android, Windows, macOS, and Linux, potentially enabling remote code execution and information exfiltration.
Product: Unity Runtime
CVSS Score: 0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-59489
ISC Diary: https://isc.sans.edu/diary/32368

CVE-2025-0785 – ESAFENET CDG V5 has a cross-site scripting vulnerability in the /SysConfig.jsp file that can be exploited remotely and has been publicly disclosed.
Product: ESAFENET CDG V5
CVSS Score: 0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-0785
ISC Diary: https://isc.sans.edu/diary/32364

CVE-2025-10586 & CVE-2025-10587 – The Community Events plugin for WordPress is vulnerable to SQL Injection.
Product: WordPress Community Events plugin
Active Installations: 40+
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-10586
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-10587
NVD References:
https://www.wordfence.com/threat-intel/vulnerabilities/id/92f3b923-884e-4f61-9bf8-62dfb267a27e?source=cve
https://www.wordfence.com/threat-intel/vulnerabilities/id/f8a54a18-64e2-4046-8143-2b5116c4200b?source=cve

CVE-2025-7526 & CVE-2025-7634 – Vulnerabilities in the WP Travel Engine – Tour Booking Plugin – Tour Operator Software plugin for WordPress.
Active Installations: 20,000+
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-7526
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-7634
NVD References: https://www.wordfence.com/threat-intel/vulnerabilities/id/c754d957-26a8-4fef-a487-96d566c2dc36?source=cve
NVD References: https://www.wordfence.com/threat-intel/vulnerabilities/id/ce119965-01a0-4cff-a0b2-e99bceb1406c?source=cve

CVE-2025-11522 – The Search & Go – Directory WordPress Theme theme for WordPress is vulnerable to Authentication Bypass via account takeover, allowing unauthenticated attackers to gain access to other users’ accounts when Facebook login is enabled.
Product: Edge Themes Search & Go – Directory WordPress Theme
Active Installations: Unknown. Update to version 2.8, or a newer patched version.
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-11522
NVD References: https://www.wordfence.com/threat-intel/vulnerabilities/id/da590a65-8728-4577-b6e4-ecebc2a2277d?source=cve

CVE-2025-11533 – The WP Freeio plugin for WordPress allows unauthenticated attackers to register as administrators due to a privilege escalation vulnerability.
Product: WordPress WP Freeio plugin
Active Installations: Unknown. Update to version 1.2.22, or a newer patched version.
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-11533
NVD References: https://www.wordfence.com/threat-intel/vulnerabilities/id/0db85f84-04e9-42eb-a16b-96554fbfd186?source=cve

CVE-2025-6553 – The Ovatheme Events Manager plugin for WordPress allows unauthenticated attackers to upload arbitrary files and potentially execute remote code due to missing file type validation in older versions up to 1.8.5.
Product: Ovatheme Events Manager plugin for WordPress
Active Installations: Unknown. Update to version 1.8.6, or a newer patched version.
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-6553
NVD References: https://www.wordfence.com/threat-intel/vulnerabilities/id/808392a9-dbac-4896-8677-6ddc1213d80d?source=cve

CVE-2025-6439 – The WooCommerce Designer Pro plugin for WordPress allows unauthenticated attackers to delete files on the server, leading to potential remote code execution, data loss, or site unavailability.
Product: WooCommerce Designer Pro plugin
Active Installations: Unknown. No known patch available.
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-6439
NVD References: https://www.wordfence.com/threat-intel/vulnerabilities/id/407a0bc3-2775-4a34-9817-924bf94a4f94?source=cve

The following vulnerabilities need a manual review:

CVE-2025-54957 – Integer overflow in Dolby Digital Plus audio decoder
ISC Diary: https://isc.sans.edu/diary/Microsoft+Patch+Tuesday+October+2025/32368/

CVE-2025-11001 & CVE-2025-11002 – 7-Zip ZIP File Parsing Directory Traversal Remote Code Execution Vulnerabilities
References:
https://www.zerodayinitiative.com/advisories/ZDI-25-949/
https://www.zerodayinitiative.com/advisories/ZDI-25-950/

@RISK: The Consensus Security Vulnerability Alert: Vol. 25, Num. 39

CONTENTS:
=========================================================
INTERNET STORM CENTER SPOTLIGHT
OTHER INTERNET STORM CENTER ENTRIES
RECENT CVEs
=========================================================

INTERNET STORM CENTER SPOTLIGHT
ISC provides a free analysis and warning service to thousands of Internet users and organizations, and is actively working with Internet Service Providers to fight back against the most malicious attackers. https://isc.sans.edu/about.html

Exploit Against FreePBX (CVE-2025-57819) with code execution.
Published: 2025-10-07
Last Updated: 2025-10-07 16:23:36 UTC
by Johannes Ullrich (Version: 1)

FreePBX is a popular PBX system built around the open source VoIP system Asterisk. To manage Asterisk more easily, it provides a capable web-based admin interface. Sadly, like so many web applications, it has had its share of vulnerabilities in the past. Most recently, a SQL injection vulnerability was found that allows attackers to modify the database.

For a PBX, there are a number of obvious attacks. For example, they are often abused for free phone calls, to impersonate the companies running the PBX, or to hide the true origin of phone calls. Manipulating the FreePBX database would certainly facilitate these types of attacks. However, I noticed some slightly more interesting attacks recently attempting to achieve complete code execution …

Read the full entry: https://isc.sans.edu/diary/Exploit+Against+FreePBX+CVE202557819+with+code+execution/32350/

Quick and Dirty Analysis of Possible Oracle E-Business Suite Exploit Script (CVE-2025-61882) [UPDATED]
Published: 2025-10-06
Last Updated: 2025-10-06 12:36:04 UTC
by Johannes Ullrich (Version: 1)

[Update: I added the server part delivering the payload]

This weekend, Oracle published a surprise security bulletin announcing an exploited vulnerability in Oracle E-Business Suite. As part of the announcement, which also included a patch, Oracle published IoCs observed as part of the incident response.

One script I found interesting is what Oracle calls “exp[.]py”. Here is a quick analysis of the HTTP requests sent by the script. I only ran it against a simple Python web server, not an actual Oracle E-Business Suite install.

The script takes two parameters: The URL of the target and the IP/port of a config server.

The first request sent by the script …

Read the full entry: https://isc.sans.edu/diary/Quick+and+Dirty+Analysis+of+Possible+Oracle+EBusiness+Suite+Exploit+Script+CVE202561882+UPDATED/32346/

OTHER INTERNET STORM CENTER ENTRIES

Polymorphic Python Malware (2025.10.08)
https://isc.sans.edu/diary/Polymorphic+Python+Malware/32354/

More .well-known Scans (2025.10.02)
https://isc.sans.edu/diary/More+wellknown+Scans/32340/

RECENT CVEs
The list is assembled by pulling recent vulnerabilities from NIST NVD, Microsoft, Twitter mentions of vulnerabilities, ISC Diaries and Podcast, and the CISA list of known exploited vulnerabilities. There are also some unscored, but significant, vulnerabilities at the end. This includes vulnerabilities that have not been added to the NVD yet.

CVE-2025-61882 – Oracle Concurrent Processing in Oracle E-Business Suite (BI Publisher Integration) versions 12.2.3-12.2.14 is susceptible to an easily exploitable vulnerability that allows an unauthenticated attacker to take over the Oracle Concurrent Processing component.
Product: Oracle Concurrent Processing
CVSS Score: 9.8
** KEV since 2025-10-06 **
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-61882
ISC Diary: https://isc.sans.edu/diary/32346
ISC Podcast: https://isc.sans.edu/podcastdetail/9642
NVD References:
https://www.oracle.com/security-alerts/alert-cve-2025-61882.html
https://blogs.oracle.com/security/post/apply-july-2025-cpu
https://labs.watchtowr.com/well-well-well-its-another-day-oracle-e-business-suite-pre-auth-rce-chain-cve-2025-61882well-well-well-its-another-day-oracle-e-business-suite-pre-auth-rce-chain-cve-2025-61882/

CVE-2025-57819 – FreePBX is vulnerable to unauthenticated access and remote code execution due to insufficient data sanitization, patched in versions 15.0.66, 16.0.89, and 17.0.3.
Product: FreePBX FreePBX 15, 16, and 17
CVSS Score: 0
** KEV since 2025-08-29 **
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-57819
ISC Diary: https://isc.sans.edu/diary/32350
ISC Podcast: https://isc.sans.edu/podcastdetail/9646

CVE-2025-10035 – Fortra’s GoAnywhere MFT is susceptible to a deserialization vulnerability, which enables an actor to inject commands by deserializing an arbitrary object with a forged license response signature.
Product: Fortra GoAnywhere MFT
CVSS Score: 0
** KEV since 2025-09-29 **
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-10035
ISC Podcast: https://isc.sans.edu/podcastdetail/9644

CVE-2014-6278 – GNU Bash OS Command Injection Vulnerability
Product: Gnu Bash 4.3
CVSS Score: 0
** KEV since 2025-10-02 **
NVD: https://nvd.nist.gov/vuln/detail/CVE-2014-6278

CVE-2017-1000353 – Jenkins Remote Code Execution Vulnerability
Product: Jenkins
CVSS Score: 0
** KEV since 2025-10-02 **
NVD: https://nvd.nist.gov/vuln/detail/CVE-2017-1000353
NVD References: https://www.jenkins.io/security/advisory/2017-04-26/

CVE-2015-7755 – Juniper ScreenOS Improper Authentication Vulnerability
Product: Juniper ScreenOS 6.3.0
CVSS Score: 0
** KEV since 2025-10-02 **
NVD: https://nvd.nist.gov/vuln/detail/CVE-2015-7755

CVE-2025-10725 – Red Hat Openshift AI Service is susceptible to privilege escalation, enabling a low-privileged attacker to become a full cluster administrator and compromise the confidentiality, integrity, and availability of the cluster.
Product: Red Hat Openshift AI Service
CVSS Score: 9.9
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-10725
ISC Podcast: https://isc.sans.edu/podcastdetail/9640

CVE-2025-49844 – Redis versions 8.2.1 and below are vulnerable to a use-after-free exploit via specially crafted Lua scripts, potentially allowing for remote code execution.
Product: Redis
CVSS Score: 9.9
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-49844
ISC Podcast: https://isc.sans.edu/podcastdetail/9644

CVE-2024-58040 – Crypt::RandomEncryption for Perl version 0.01 uses the insecure rand() function during encryption.
Product: Crypt::RandomEncryption Perl
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-58040

CVE-2025-11148 – Check-branches is vulnerable to command injection due to trusting user input for branch names and concatenating them to spawn git commands.
Product: Npm check-branches
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-11148

CVE-2025-34217 – Vasion Print Virtual Appliance Host and Application have a hardcoded ‘printerlogic’ user with SSH access, allowing attackers to gain root access with the matching private key.
Product: Vasion Virtual Appliance Application
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-34217

CVE-2025-7493 – FreeIPA has a privilege escalation flaw that allows an attacker to gain domain administrator access and perform administrative tasks over the REALM, potentially leading to sensitive data exfiltration.
Product: FreeIPA
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-7493

CVE-2025-56513 – NiceHash QuickMiner 6.12.0 is vulnerable to supply chain attacks through unvalidated software updates over HTTP, allowing for remote code execution by intercepting or redirecting traffic to the update url.
Product: NiceHash QuickMiner
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-56513

CVE-2025-10659 – The Telenium Online Web Application is vulnerable to remote code execution via crafted HTTP requests due to an insecurely terminated regular expression check in an accessible PHP endpoint.
Product: Telenium Online Web Application
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-10659
NVD References: https://www.cisa.gov/news-events/ics-advisories/icsa-25-273-01

CVE-2025-61622 – Pyfory versions 0.12.0 through 0.12.2, or legacy pyfury versions from 0.1.0 through 0.10.3, are vulnerable to arbitrary code execution through deserialization of untrusted data.
Product: Pyfory
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-61622

CVE-2025-61044 & CVE-2025-61045 – TOTOLINK X18 V9.1.0cu.2053_B20230309 was discovered to contain command injection vulnerabilities.
Product: Totolink X18
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-61044
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-61045

CVE-2025-59735 through CVE-2025-59741 – AndSoft’s e-TMS v25.03 operating system command injection vulnerabilities.
Product: AndSoft E-TMS 25.03
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-59735
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-59736
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-59737
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-59738
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-59739
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-59740
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-59741
NVD References: https://www.incibe.es/en/incibe-cert/notices/aviso/update-24092025-multiple-vulnerabilities-andsofts-e-tms

CVE-2025-59742 & CVE-2025-59743 – AndSoft’s e-TMS v25.03 contains multiple SQL injection vulnerabilities.
Product: AndSoft E-TMS 25.03
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-59742
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-59743
NVD References: https://www.incibe.es/en/incibe-cert/notices/aviso/update-24092025-multiple-vulnerabilities-andsofts-e-tms

CVE-2025-59407 – The Flock Safety DetectionProcessing application 6.35.33 for Android exposes a Java Keystore (flock_rye.bks) with a hardcoded password (flockhibiki17) containing a private key.
Product: Flock Safety DetectionProcessing com.flocksafety.android.objects
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-59407

CVE-2025-61603 & CVE-2025-61605 – WeGIA is vulnerable to SQL Injection in versions 3.4.12 and below.
Product: WeGIA
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-61603
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-61605

CVE-2025-59489 – Unity Runtime before 2025-10-02 allows argument injection on Android, Windows, macOS, and Linux, potentially enabling remote code execution and information exfiltration.
Product: Unity Runtime
CVSS Score: 7.4
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-59489
ISC Podcast: https://isc.sans.edu/podcastdetail/9642

CVE-2023-49886 – IBM Standards Processing Engine 10.0.1.10 is vulnerable to remote code execution through unsafe Java deserialization.
Product: IBM Standards Processing Engine 10.0.1.10
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-49886
NVD References: https://www.ibm.com/support/pages/node/7247179

CVE-2025-36356 – IBM Security Verify Access and IBM Security Verify Access Docker versions 10.0.0.0 through 10.0.9.0 and 11.0.0.0 through 11.0.1.0 may permit a locally authenticated user to gain root access by leveraging excessive privileges.
Product: IBM Security Verify Access
CVSS Score: 9.3
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-36356
NVD References: https://www.ibm.com/support/pages/node/7247215

CVE-2025-59159 – SillyTavern’s web user interface in versions prior to 1.13.4 is vulnerable to DNS rebinding, allowing attackers to perform various malicious actions, but the vulnerability has been patched in version 1.13.4.
Product: SillyTavern
CVSS Score: 9.6
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-59159

CVE-2025-57247 – The BATBToken smart contract contains incorrect access control implementation in whitelist management functions, allowing unauthorized users to bypass transfer restrictions and manipulate special address settings.
Product: BATBToken smart contract
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-57247

CVE-2025-60957, CVE-2025-60964, & CVE-2025-60965 – EndRun Technologies Sonoma D12 Network Time Server (GPS) F/W 6010-0071-000 Ver 4.00 contains multiple OS command injection vulnerabilities.
Product: EndRun Technologies Sonoma D12 Network Time Server
CVSS Score: 9.9
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-60957
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-60964
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-60965

CVE-2025-61777 – Flag Forge’s `/api/admin/badge-templates` (GET) and `/api/admin/badge-templates/create` (POST) endpoints allowed unauthorized access, potentially leading to data exposure and abuse of the badge system, prior to version 2.3.2.
Product: Flag Forge Capture The Flag (CTF) platform
CVSS Score: 9.4
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-61777

CVE-2025-57515 – Uniclare Student Portal v2 is vulnerable to SQL injection, allowing remote attackers to execute time-delayed functions by injecting malicious SQL commands through input fields.
Product: Uniclare Student Portal
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-57515

CVE-2025-0603 – Callvision Emergency Code before V3.0 is vulnerable to SQL Injection and Blind SQL Injection.
Product: Callvision Healthcare Callvision Emergency Code
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-0603

CVE-2025-25009 – Improper Neutralization of Input During Web Page Generation in Kibana can lead to Stored XSS via case file upload.
Product: Kibana
CVSS Score: 8.7
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-25009
ISC Podcast: https://isc.sans.edu/podcastdetail/9646

CVE-2025-3450 – Improper Resource Locking vulnerability in B&R Industrial Automation Automation Runtime. This issue affects Automation Runtime: from 6.0 before 6.3, before Q4.93.
Product: B&R Industrial Automation Automation Runtime
CVSS Score: 10.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-3450

CVE-2025-44823 – Nagios Log Server allows authenticated users to retrieve cleartext administrative API keys via a specific API call, GL:NLS#475.
Product: Nagios Log Server
CVSS Score: 9.9
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-44823

CVE-2025-11418 – Tenda CH22 up to 1.0.0.1 is vulnerable to a remote stack-based buffer overflow in function formWrlsafeset of the HTTP Request Handler component.
Product: Tenda CH22
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-11418

CVE-2025-11423 – Tenda CH22 1.0.0.1 is vulnerable to remote memory corruption due to improper handling of user input in the formSafeEmailFilter function within the /goform/SafeEmailFilter file.
Product: Tenda CH22
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-11423

CVE-2025-10728 – The vulnerability in the module leads to a stack overflow DoS when rendering a Svg file containing a element.
Product: Nozavicka SVG Component
CVSS Score: 0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-10728
ISC Podcast: https://isc.sans.edu/podcastdetail/9646

CVE-2025-10729 – Module X allows for parsing a node outside of a structural node, resulting in potential use after free vulnerability.
Product: Linux
CVSS Score: 0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-10729
ISC Podcast: https://isc.sans.edu/podcastdetail/9646
NVD References: https://codereview.qt-project.org/c/qt/qtsvg/+/676473

CVE-2025-30247 – Western Digital My Cloud firmware prior to 5.31.108 on NAS platforms is vulnerable to OS command injection, allowing remote attackers to execute arbitrary system commands via a specially crafted HTTP POST.
Product: Western Digital My Cloud
CVSS Score: 0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-30247
ISC Podcast: https://isc.sans.edu/podcastdetail/9636

CVE-2025-8625 – The Copypress Rest API plugin for WordPress is vulnerable to Remote Code Execution through its copyreap_handle_image() Function in versions 1.1 to 1.2.
Product: Copypress Rest API plugin for WordPress
Active Installations: This plugin has been closed as of September 26, 2025 and is not available for download. This closure is temporary, pending a full review.
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-8625
NVD References: https://www.wordfence.com/threat-intel/vulnerabilities/id/3045c9e5-4095-48e5-8d9d-16a091e69d54?source=cve

CVE-2025-9762 – The Post By Email plugin for WordPress is vulnerable to arbitrary file uploads, allowing unauthenticated attackers to potentially achieve remote code execution.
Product: WordPress Post By Email plugin
Active Installations: This plugin has been closed as of September 26, 2025 and is not available for download. This closure is temporary, pending a full review.
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-9762
NVD References: https://www.wordfence.com/threat-intel/vulnerabilities/id/885eb923-8e69-416b-8494-a42a9465cfe0?source=cve

CVE-2020-36852 – The Custom Searchable Data Entry System plugin for WordPress up to version 1.7.1 is vulnerable to unauthenticated database wiping, allowing attackers to erase tables like wp_users.
Product: WordPress Custom Searchable Data Entry System plugin
Active Installations: This plugin has been closed as of March 12, 2020 and is not available for download. This closure is permanent. Reason: Author Request.
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2020-36852
NVD References: https://www.wordfence.com/threat-intel/vulnerabilities/id/245d89e5-52cc-44b1-a858-0ca0aacb4e26?source=cve

CVE-2025-9697 – The Ajax WooSearch WordPress plugin allows unauthenticated users to perform SQL injection attacks due to inadequate sanitisation of user input.
Product: Ajax WooSearch WordPress plugin
Active Installations: Unknown
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-9697
NVD References: https://wpscan.com/vulnerability/38939152-e54e-4f8f-996b-592de195570d/

CVE-2025-6388 – The Spirit Framework plugin for WordPress is vulnerable to authentication bypass in all versions, allowing unauthenticated attackers to log in as any user, including administrators.
Product: WordPress Spirit Framework plugin
Active Installations: Unknown
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-6388
NVD References: https://themespirit.com/talemy-changelog/
NVD References: https://www.wordfence.com/threat-intel/vulnerabilities/id/a4cbc0e7-4328-451f-a595-1ce17e9d0031?source=cve

CVE-2025-10726 – The WPRecovery plugin for WordPress is vulnerable to SQL Injection which allows unauthenticated attackers to extract sensitive information and delete arbitrary files on the server.
Product: WPScan WPRecovery plugin
Active Installations: This plugin has been closed as of October 1, 2025 and is not available for download. This closure is temporary, pending a full review.
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-10726
NVD References: https://www.wordfence.com/threat-intel/vulnerabilities/id/15880d3b-87de-4b59-878c-e36e73c45e8a?source=cve

CVE-2025-7721 – The JoomSport plugin for WordPress is vulnerable to Local File Inclusion up to version 5.7.3, allowing unauthenticated attackers to execute arbitrary .php files on the server and potentially bypass access controls or obtain sensitive data.
Product: JoomSport for Sports: Team & League, Football, Hockey & more plugin for WordPress
Active Installations: 1,000+
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-7721
NVD References: https://www.wordfence.com/threat-intel/vulnerabilities/id/4f3900c7-2acb-4031-9854-b0b13e172e1f?source=cve

CVE-2025-9209 – RestroPress – Online Food Ordering System plugin for WordPress allows unauthenticated attackers to forge JWT tokens for other users via the /wp-json/wp/v2/users endpoint, leading to Authentication Bypass.
Product: RestroPress Online Food Ordering System plugin for WordPress
Active Installations: This plugin has been closed as of September 30, 2025 and is not available for download. This closure is temporary, pending a full review.
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-9209
NVD References: https://www.wordfence.com/threat-intel/vulnerabilities/id/359833dd-de3c-48ea-8eef-06588a590da2?source=cve

CVE-2025-9286 – The Appy Pie Connect for WooCommerce plugin for WordPress is vulnerable to Privilege Escalation through missing authorization in the reset_user_password() REST handler.
Product: Appy Pie Connect for WooCommerce plugin
Active Installations: This plugin has been closed as of October 1, 2025 and is not available for download. This closure is temporary, pending a full review.
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-9286
NVD References: https://www.wordfence.com/threat-intel/vulnerabilities/id/36fb5b8d-1ea4-45c2-8639-b229efdb57db?source=cve

CVE-2025-9485 – The OAuth Single Sign On – SSO (OAuth Client) plugin for WordPress is vulnerable to improper verification of cryptographic signatures, allowing unauthenticated attackers to gain access to user accounts or create new accounts.
Product: WordPress OAuth Single Sign On – SSO (OAuth Client) plugin
Active Installations: 6,000+
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-9485
NVD References: https://plugins.trac.wordpress.org/browser/miniorange-login-with-eve-online-google-facebook/tags/6.26.12/class-mooauth-widget.php#L577
NVD References: https://plugins.trac.wordpress.org/changeset/3360768/miniorange-login-with-eve-online-google-facebook
NVD References: https://www.wordfence.com/threat-intel/vulnerabilities/id/d2448afc-70d1-4dd5-b73b-62d182ee9a8a?source=cve

@RISK: The Consensus Security Vulnerability Alert: Vol. 24, Num. 47

@RISK: The Consensus Security Vulnerability Alert
December 5, 2024 – Vol. 24, Num. 47

CONTENTS:
=========================================================
INTERNET STORM CENTER SPOTLIGHT
OTHER INTERNET STORM CENTER ENTRIES
RECENT CVEs
=========================================================

INTERNET STORM CENTER SPOTLIGHT
ISC provides a free analysis and warning service to thousands of Internet users and organizations, and is actively working with Internet Service Providers to fight back against the most malicious attackers. https://isc.sans.edu/about.html

Credential Guard and Kerberos delegation
Published: 2024-12-02
Last Updated: 2024-12-02 08:47:36 UTC
by Bojan Zdrnja (Version: 1)

The vast majority of red team exercises that I (and my team, of course) have been doing lately are assumed breach scenarios. In an assumed breach scenario (and we cover this in the amazing SEC565: Red Team Operations and Adversary Emulation SANS course that I also teach!) the red team is usually given access as a non-privileged domain user, simulating an attacker that has somehow already established the first foothold in the organization.

This works quite well as we know that eventually the attacker will succeed and perhaps get a victim (most of the time through some kind of social engineering) to execute their binary. So the first part in such an engagement is to create a malicious binary (an implant) that will evade security controls in the target organization. Most red teams will have specialists for this.

The next step includes delivery of the implant and its execution in the context of a regular, non-privileged domain user, on the workstation designated for the red team exercise. And if everything works well, we’ll get that beacon communicating to our front end servers.

What now? While there are many things we do next, such as getting some awareness about the organization, setting up persistence, trying to move laterally, there are cases when we would like to fetch the user’s password, or their TGT (Ticket Granting Ticket) for Kerberos. Some actions will not need this, as we can use the built-in Windows authentication of the process our beacon is running under, but if you want, for example, to start a SOCKS proxy and tunnel some tools from your office, we will need to authenticate to target services, and for that we will either need the user’s password, their password hash or TGT. How do we get one through our implant, considering that we do not have local administrator privileges yet? …

Read the full entry: https://isc.sans.edu/diary/Credential+Guard+and+Kerberos+delegation/3148/

The strange case of disappearing Russian servers
Published: 2024-11-25
Last Updated: 2024-11-25 13:34:45 UTC
by Jan Kopriva (Version: 1)

A few months ago, I noticed that something strange was happening with the number of servers seen by Shodan in Russia…

In order to identify any unusual changes on the internet that might be worth a closer look, I put together a simple script a few years ago. It periodically goes over data that was gathered from the Shodan search engine by my TriOp tool, and looks for significant changes in the number of public IP addresses with various services enabled on them. This script alerts me any time there seems to be something unusual – i.e., if Shodan detects more than a 10 % increase in the number of HTTPS servers during the course of a week, or if there is more than a 20 % decrease in the number of e-mail servers in a specific country in the course of a month.

Around the beginning of August, the script started alerting me to a decrease in the number of basically all types of servers that Shodan detected in Russia.

Since the internet-wide scanning and service identification performed by Shodan, Censys and similar search engines is hardly an exact science, the number of systems that they detect can oscillate significantly in the short term, and a single alert by my script therefore seldom means that a real change is occurring. Nevertheless, the alerts kept coming for multiple days and weeks in a row, and so I decided to take a closer look at the underlying data… And, indeed, from the point of view of Shodan, it looked as if significant portions of the Russian internet were disappearing.

My theory was that it might have been caused by the introduction of some new functionality into the internet filtering technology that is used by Russia in order to censor internet traffic and block access to various external services, which started interfering with Shodan probes. And while I still believe that this might be the case, looking at the data now, when the number of Russian servers has been more or less stable for about 6 weeks, it seems that the cause for the decrease was at least partially different …

Read the full entry: https://isc.sans.edu/diary/The+strange+case+of+disappearing+Russian+servers/31476/

OTHER INTERNET STORM CENTER ENTRIES
Data Analysis: The Unsung Hero of Cybersecurity Expertise [Guest Diary] (2024.12.04)
https://isc.sans.edu/diary/Data+Analysis+The+Unsung+Hero+of+Cybersecurity+Expertise+Guest+Diary/31494/

Extracting Files Embedded Inside Word Documents (2024.12.03)
https://isc.sans.edu/diary/Extracting+Files+Embedded+Inside+Word+Documents/31486/

From a Regular Infostealer to its Obfuscated Version (2024.11.30)
https://isc.sans.edu/diary/From+a+Regular+Infostealer+to+its+Obfuscated+Version/31484/

Quickie: Mass BASE64 Decoding (2024.11.29)
https://isc.sans.edu/diary/Quickie+Mass+BASE64+Decoding/31470/

SANS ISC Internship Setup: AWS DShield Sensor + DShield SIEM [Guest Diary] (2024.11.26)
https://isc.sans.edu/diary/SANS+ISC+Internship+Setup+AWS+DShield+Sensor+DShield+SIEM+Guest+Diary/31480/

[Guest Diary] Using Zeek, Snort, and Grafana to Detect Crypto Mining Malware (2024.11.26)
https://isc.sans.edu/diary/Guest+Diary+Using+Zeek+Snort+and+Grafana+to+Detect+Crypto+Mining+Malware/31472/

Quick & Dirty Obfuscated JavaScript Analysis (2024.11.24)
https://isc.sans.edu/diary/Quick+Dirty+Obfuscated+JavaScript+Analysis/31468/

Decrypting a PDF With a User Password (2024.11.23)
https://isc.sans.edu/diary/Decrypting+a+PDF+With+a+User+Password/31466

Wireshark 4.4.2 Released (2024.11.23)
https://isc.sans.edu/diary/Wireshark+442+Released/31460/

An Infostealer Searching for BIP0039 Data (2024.11.22)
https://isc.sans.edu/diary/An+Infostealer+Searching+for+BIP0039+Data/31464/

Increase In Phishing SVG Attachments (2024.11.21)
https://isc.sans.edu/diary/Increase+In+Phishing+SVG+Attachments/31456/

RECENT CVEs
The list is assembled by pulling recent vulnerabilities from NIST NVD, Microsoft, Twitter mentions of vulnerabilities, ISC Diaries and Podcast, and the CISA list of known exploited vulnerabilities. There are also some unscored, but significant, vulnerabilities at the end. This includes vulnerabilities that have not been added to the NVD yet.

CVE-2024-49039 – Windows Task Scheduler Elevation of Privilege Vulnerability
Product: Microsoft Windows Task Scheduler
CVSS Score: 0
** KEV since 2024-11-12 **
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-49039
ISC Podcast: https://isc.sans.edu/podcastdetail/9240

CVE-2024-11680 – ProjectSend versions prior to r1720 have an improper authentication vulnerability that can be exploited by remote attackers to make unauthorized modifications to the application’s configuration, create accounts, upload webshells, and embed malicious JavaScript.
Product: ProjectSend
CVSS Score: 9.8
** KEV since 2024-12-03 **
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-11680
NVD References:
– https://github.com/projectdiscovery/nuclei-templates/blob/main/http/vulnerabilities/projectsend-auth-bypass.yaml
– https://github.com/projectsend/projectsend/commit/193367d937b1a59ed5b68dd4e60bd53317473744
– https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/projectsend_unauth_rce.rb
– https://vulncheck.com/advisories/projectsend-bypass
– https://www.synacktiv.com/sites/default/files/2024-07/synacktiv-projectsend-multiple-vulnerabilities.pdf

CVE-2023-45727 – Proself Enterprise/Standard Edition Ver5.62 and earlier, Proself Gateway Edition Ver1.65 and earlier, and Proself Mail Sanitize Edition Ver1.08 and earlier are vulnerable to remote XML External Entity (XXE) attacks, allowing an unauthenticated attacker to read arbitrary server files containing sensitive account information.
Product: Northgrid Proself
CVSS Score: 0
** KEV since 2024-12-03 **
NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-45727

CVE-2024-11667 – Zyxel ATP, USG FLEX, and USG20(W)-VPN series firmware versions are vulnerable to directory traversal allowing attackers to download/upload files via a crafted URL.
Product: Zyxel ATP series
CVSS Score: 7.5
** KEV since 2024-12-03 **
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-11667
NVD References: https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-protecting-against-recent-firewall-threats-11-27-2024

CVE-2024-49803 – IBM Security Verify Access Appliance 10.0.0 through 10.0.8 allows remote authenticated attackers to execute arbitrary commands via a specially crafted request.
Product: IBM Security Verify Access Appliance
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-49803
ISC Podcast: https://isc.sans.edu/podcastdetail/9238
NVD References: https://www.ibm.com/support/pages/node/7177447

CVE-2024-49805 & CVE-2024-49806 – IBM Security Verify Access Appliance 10.0.0 through 10.0.8 has hard-coded credentials that can be exploited for authentication and data encryption.
Product: IBM Security Verify Access Appliance
CVSS Score: 9.4
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-49805
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-49806
ISC Podcast: https://isc.sans.edu/podcastdetail/9238
NVD References: https://www.ibm.com/support/pages/node/7177447

CVE-2024-49804 – IBM Security Verify Access Appliance versions 10.0.0 through 10.0.8 allow a locally authenticated non-administrative user to escalate privileges through unnecessary permissions.
Product: IBM Security Verify Access Appliance
CVSS Score: 7.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-49804
ISC Podcast: https://isc.sans.edu/podcastdetail/9238
NVD References: https://www.ibm.com/support/pages/node/7177447

CVE-2024-52787 – Libre-chat v0.0.6 is vulnerable to path traversal attacks through the upload_documents method when a malicious filename is supplied in an uploaded file.
Product: libre-chat
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-52787
NVD References:
– https://gist.github.com/jxfzzzt/276a6e8cfbc54d2c2711bb51d8d3dff3
– https://github.com/vemonet/libre-chat/commit/dbb8e3400e5258112179783d74c9cc54310cb72b
– https://github.com/vemonet/libre-chat/issues/10
– https://github.com/vemonet/libre-chat/pull/9

CVE-2024-50672 – Adapt Learning Adapt Authoring Tool <= 0.11.3 is vulnerable to a NoSQL injection that allows unauthenticated attackers to reset passwords and take over the administrator account, potentially leading to remote code execution on the server.
Product: Adapt Learning Adapt Authoring Tool
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-50672
NVD References:
– https://github.com/adaptlearning/adapt_authoring
– https://github.com/dos-m0nk3y/CVE/tree/main/CVE-2024-50672

CVE-2024-28038 – Canon imageRUNNER ADVANCE’s web interface processes a cookie value improperly, leading to a stack buffer overflow when an overly long character string is given to the MFPSESSIONID parameter.
Product: Canon imageRUNNER ADVANCE
CVSS Score: 9.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-28038
NVD References:
– https://global.sharp/products/copier/info/info_security_2024-05.html
– https://jp.sharp/business/print/information/info_security_2024-05.html
– https://jvn.jp/en/vu/JVNVU93051062/
– https://pierrekim.github.io/blog/2024-06-27-sharp-mfp-17-vulnerabilities.html
– https://www.toshibatec.co.jp/information/20240531_02.html
– https://www.toshibatec.com/information/20240531_02.html

CVE-2024-33610 – “Sessionlist.html and sys_trayentryreboot.html allow unauthorized access to sensitive user session data and device reboot function.”
Product: Micro Focus ArcSight Logger
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-33610
NVD References:
– https://global.sharp/products/copier/info/info_security_2024-05.html
– https://jp.sharp/business/print/information/info_security_2024-05.html
– https://jvn.jp/en/vu/JVNVU93051062/
– https://pierrekim.github.io/blog/2024-06-27-sharp-mfp-17-vulnerabilities.html
– https://www.toshibatec.co.jp/information/20240531_02.html
– https://www.toshibatec.com/information/20240531_02.html

CVE-2024-35244 – Siemens SCALANCE X Switches have hidden accounts that can be accessed by maintenance engineers to re-configure the device if their passwords are known.
Product: Siemens SCALANCE X Switches
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-35244
NVD References:
– https://global.sharp/products/copier/info/info_security_2024-05.html
– https://jp.sharp/business/print/information/info_security_2024-05.html
– https://jvn.jp/en/vu/JVNVU93051062/
– https://pierrekim.github.io/blog/2024-06-27-sharp-mfp-17-vulnerabilities.html
– https://www.toshibatec.co.jp/information/20240531_02.html
– https://www.toshibatec.com/information/20240531_02.html

CVE-2024-36248 – Sharp / Toshiba Tec MFP Hard-coded credentials: “API keys for some cloud services are hardcoded in the “main” binary of [Product], posing a security risk.”
Product: Sharp / Toshiba Tec MFP
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-36248
NVD References:
– https://global.sharp/products/copier/info/info_security_2024-05.html
– https://jp.sharp/business/print/information/info_security_2024-05.html
– https://jvn.jp/en/vu/JVNVU93051062/
– https://pierrekim.github.io/blog/2024-06-27-sharp-mfp-17-vulnerabilities.html
– https://www.toshibatec.co.jp/information/20240531_02.html
– https://www.toshibatec.com/information/20240531_02.html
– https://vuldb.com/?id.286095

CVE-2017-11076 – Google Chrome may experience invalid memory access by the decoder due to incorrect frame size on certain hardware revisions with hardware-accelerated VP9 decoding.
Product: Google Chrome
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2017-11076
NVD References: https://docs.qualcomm.com/product/publicresources/securitybulletin/may-2018-bulletin.html

CVE-2017-17772 – In multiple functions that process 802.11 frames, out-of-bounds reads can occur due to insufficient validation.
Product: Cisco Aironet Wireless Access Points
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2017-17772
NVD References: https://docs.qualcomm.com/product/publicresources/securitybulletin/may-2018-bulletin.html

CVE-2018-11922 – Wrong configuration in Touch Pal application can collect user behavior data without awareness by the user.
Product: TouchPal application
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2018-11922
NVD References: https://docs.qualcomm.com/product/publicresources/securitybulletin/may-2018-bulletin.html

CVE-2024-50370 through CVE-2024-50375 – Multiple Advantech devices are vulnerable to OS command injection.
Product: Advantech EKI-6333AC devices
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-50370
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-50371
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-50372
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-50373
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-50374
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-50375
NVD References: https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2024-50370
NVD References: https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2024-50371
NVD References: https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2024-50372
NVD References: https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2024-50373
NVD References: https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2024-50374
NVD References: https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2024-50375

CVE-2024-11693 – Firefox, Thunderbird, and Windows operating systems were vulnerable to not receiving an executable file warning when downloading .library-ms files.
Product: Mozilla Firefox
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-11693
NVD References:
– https://bugzilla.mozilla.org/show_bug.cgi?id=1921458
– https://www.mozilla.org/security/advisories/mfsa2024-63/
– https://www.mozilla.org/security/advisories/mfsa2024-64/
– https://www.mozilla.org/security/advisories/mfsa2024-67/
– https://www.mozilla.org/security/advisories/mfsa2024-68/

CVE-2024-11698 – Firefox, Thunderbird, and their respective ESR versions may become stuck in fullscreen mode when a modal dialog is opened during a fullscreen transition on macOS, disrupting the browsing experience until the application is restarted.
Product: Mozilla Firefox
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-11698
NVD References:
– https://bugzilla.mozilla.org/show_bug.cgi?id=1916152
– https://www.mozilla.org/security/advisories/mfsa2024-63/
– https://www.mozilla.org/security/advisories/mfsa2024-64/
– https://www.mozilla.org/security/advisories/mfsa2024-67/
– https://www.mozilla.org/security/advisories/mfsa2024-68/

CVE-2024-11703 – Firefox on Android <133 may have allowed unauthorized access to saved passwords without PIN authentication.
Product: Mozilla Firefox
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-11703
NVD References:
– https://bugzilla.mozilla.org/show_bug.cgi?id=1928779
– https://www.mozilla.org/security/advisories/mfsa2024-63/

CVE-2024-11704 – Firefox and Thunderbird versions below 133 are vulnerable to a double-free issue in `sec_pkcs7_decoder_start_decrypt()`, leading to potential memory corruption.
Product: Mozilla Firefox
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-11704
NVD References:
– https://bugzilla.mozilla.org/show_bug.cgi?id=1899402
– https://www.mozilla.org/security/advisories/mfsa2024-63/
– https://www.mozilla.org/security/advisories/mfsa2024-67/

CVE-2024-11705 – Firefox and Thunderbird versions lower than 133 crash due to `NSC_DeriveKey` incorrectly assuming `phKey` is always non-NULL.
Product: Mozilla Firefox
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-11705
NVD References:
– https://bugzilla.mozilla.org/show_bug.cgi?id=1921768
– https://www.mozilla.org/security/advisories/mfsa2024-63/
– https://www.mozilla.org/security/advisories/mfsa2024-67/

CVE-2024-11145 – Valor Apps Easy Folder Listing Pro is vulnerable to deserialization, allowing an attacker to run arbitrary code without authentication in Joomla! versions prior to 3.8 and 4.5.
Product: Valor Apps Easy Folder Listing Pro
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-11145
NVD References:
– https://github.com/cisagov/CSAF/blob/develop/csaf_files/IT/white/2024/va-24-331-01.json
– https://www.valorapps.com/web-products/easy-folder-listing-pro.html

CVE-2024-49038 – Copilot Studio is vulnerable to Cross-site Scripting, allowing unauthorized attackers to gain elevated privileges over the network.
Product: Copilot Studio
CVSS Score: 9.3
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-49038
NVD References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49038

CVE-2024-53676 – A directory traversal vulnerability in Hewlett Packard Enterprise Insight Remote Support may allow remote code execution.
Product: Hewlett Packard Enterprise Insight Remote Support
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-53676
NVD References: https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=hpesbgn04731en_us

CVE-2024-42327 – Zabbix allows non-admin user accounts with API access to exploit an SQLi vulnerability in the CUser class.
Product: Zabbix
CVSS Score: 9.9
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-42327
NVD References: https://support.zabbix.com/browse/ZBX-25623

CVE-2024-42330 – The HttpRequest object in Zabbix returns server response strings unencoded, enabling access to hidden object properties.
Product: Zabbix
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-42330
NVD References: https://support.zabbix.com/browse/ZBX-25626

CVE-2024-53604 – PHPGurukul COVID 19 Testing Management System v1.0 is vulnerable to SQL Injection via the mobnumber POST parameter, potentially enabling remote code execution.
Product: PHPGurukul COVID 19 Testing Management System
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-53604
NVD References: https://github.com/Santoshcyber1/CVE-wirteup/blob/main/Phpgurukul/COVID19/SQL%20Injection%20vulnerability%20mo.pdf

CVE-2024-46054 – OpenVidReview 1.0 allows any user to upload files without authentication due to Incorrect Access Control at the /upload route.
Product: OpenVidReview 1.0
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-46054
NVD References:
– https://github.com/b1d0ws/CVEs/blob/main/CVE-2024-46054.md
– https://github.com/davidguva/OpenVidReview
– https://github.com/davidguva/OpenVidReview/blob/main/routes/upload.js

CVE-2024-53920 – GNU Emacs through 30.0.92 allows attackers to execute arbitrary code by invoking elisp-completion-at-point on untrusted Emacs Lisp source code.
Product: GNU Emacs
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-53920
NVD References:
– https://eshelyaron.com/posts/2024-11-27-emacs-aritrary-code-execution-and-how-to-avoid-it.html
– https://git.savannah.gnu.org/cgit/emacs.git/tag/?h=emacs-30.0.92
– https://git.savannah.gnu.org/cgit/emacs.git/tree/ChangeLog.4
– https://news.ycombinator.com/item?id=42256409
– https://yhetil.org/emacs/CAFXAjY5f4YfHAtZur1RAqH34UbYU56_t6t2Er0YEh1Sb7-W=hg%40mail.gmail.com/

CVE-2024-52338 – The Apache Arrow R package versions 4.0.0 through 16.1.0 are vulnerable to arbitrary code execution through the deserialization of untrusted data in IPC and Parquet readers.
Product: Apache Software Foundation Apache Arrow R package
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-52338
NVD References:
– https://github.com/apache/arrow/commit/801de2fbcf5bcbce0c019ed4b35ff3fc863b141b
– https://lists.apache.org/thread/0rcbvj1gdp15lvm23zm601tjpq0k25vt
– http://www.openwall.com/lists/oss-security/2024/11/28/3

CVE-2024-11979 – DreamMaker from Interinfo is vulnerable to Path Traversal and unrestricted file uploads, enabling remote attackers to execute arbitrary code.
Product: Interinfo DreamMaker
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-11979
NVD References:
– https://www.twcert.org.tw/en/cp-139-8272-13a13-2.html
– https://www.twcert.org.tw/tw/cp-132-8271-29871-1.html

CVE-2024-11482 – Trellix ESM 11.6.10 allows unauthenticated access to its internal Snowservice API, leading to remote code execution as the root user.
Product: Trellix ESM 11.6.10
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-11482
NVD References: https://thrive.trellix.com/s/article/000014058#h2_0

CVE-2024-11992 – Quick.CMS version 6.7 suffers from an absolute path traversal vulnerability, allowing remote users to download or delete files outside of the server’s document root via the admin.php page.
Product: Quick.cms version 6.7
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-11992
NVD References: https://www.incibe.es/en/incibe-cert/notices/aviso/path-traversal-vulnerability-quickcms
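Added example, not code from HPE, Interinfo or Quick.CMS: the containment check that the traversal bugs in CVE-2024-53676, CVE-2024-11979 and CVE-2024-11992 lack, next to the naive resolution that produces them. The document root, the sibling directory name and the request paths are assumed values chosen for the illustration.

```python
# Added example, not code from HPE, Interinfo or Quick.CMS: the containment
# check that the traversal bugs in CVE-2024-53676, CVE-2024-11979 and
# CVE-2024-11992 lack. The document root below is an assumed path.
import os

DOCROOT = "/var/www/app/files"  # assumed location of the served file store


def naive_resolve(docroot: str, user_path: str) -> str:
    """The bug class. os.path.join drops the base as soon as user_path is
    absolute (the 'absolute path traversal' in the Quick.CMS entry), and
    normpath happily walks '..' components out of the root."""
    return os.path.normpath(os.path.join(docroot, user_path))


def safe_resolve(docroot: str, user_path: str) -> str:
    """Resolve symlinks and '..' first, then require the result to still sit
    under docroot. commonpath compares whole path components, so a sibling
    directory such as /var/www/app/files_old is rejected even though a plain
    string-prefix test would accept it."""
    root = os.path.realpath(docroot)
    target = os.path.realpath(os.path.join(root, user_path))
    if os.path.commonpath([root, target]) != root:
        raise PermissionError(f"path escapes the document root: {user_path!r}")
    return target


def escapes(docroot: str, user_path: str) -> bool:
    """True when safe_resolve rejects the request; handy for tests and logging."""
    try:
        safe_resolve(docroot, user_path)
    except PermissionError:
        return True
    return False


if __name__ == "__main__":
    # Assumed request paths: one legitimate, three attempts to leave the root.
    for p in ["reports/2024.pdf", "../../../../etc/passwd", "/etc/passwd", "../files_old/x"]:
        print(f"{p!r:28} naive={naive_resolve(DOCROOT, p)!r:30} rejected={escapes(DOCROOT, p)}")
```

The order matters: resolve first (realpath follows symlinks and collapses `..`), then compare components. Checking for `..` in the raw string, or testing `startswith(docroot)`, misses absolute paths, symlinks and sibling directories that share the root's name as a prefix.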

CVE-2024-52777 through CVE-2024-52782 – DCME-320 <=7.4.12.90, DCME-520 <=9.25.5.11, DCME-320-L <=9.3.5.26, and DCME-720 <=9.1.5.11 are vulnerable to Remote Code Execution via /function/system/basic/license_update.php.
Product: DCME-320 <=7.4.12.90, DCME-520 <=9.25.5.11, DCME-320-L <=9.3.5.26, and DCME-720 <=9.1.5.11
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-52777
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-52778
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-52779
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-52780
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-52781
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-52782
NVD References: https://ba1100n.tech/%E6%BC%8F%E6%B4%9E%E6%8A%A5%E5%91%8A/dcme-all-series-rcessix-one/

CVE-2024-49360 – Sandboxie allows an authenticated user with no privileges to read all files created in sandboxes belonging to other users, posing a risk of unauthorized access to sensitive information.
Product: Sandboxie
CVSS Score: 9.2
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-49360
NVD References: https://github.com/sandboxie-plus/Sandboxie/security/advisories/GHSA-4chj-3c28-gvmp

CVE-2024-35366 – FFmpeg n6.1.1 is vulnerable to an Integer Overflow in the parse_options function of sbgdec.c within the libavformat module, allowing negative duration values to be accepted without proper validation.
Product: FFmpeg library
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-35366
NVD References:
– https://gist.github.com/1047524396/1e72f170d58c2547ebd4db4cdf6cfabf
– https://github.com/FFmpeg/FFmpeg/blob/n6.1.1/libavformat/sbgdec.c#L389
– https://github.com/ffmpeg/ffmpeg/commit/0bed22d597b78999151e3bde0768b7fe763fc2a6

CVE-2024-35367 – FFmpeg n6.1.1 has an Out-of-bounds Read via libavcodec/ppc/vp8dsp_altivec.c, static const vec_s8 h_subpel_filters_outer.
Product: FFmpeg library
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-35367
NVD References:
– https://gist.github.com/1047524396/9754a44845578358f6a403447c458ca4
– https://github.com/FFmpeg/FFmpeg/blob/n6.1.1/libavcodec/ppc/vp8dsp_altivec.c#L53
– https://github.com/ffmpeg/ffmpeg/commit/09e6840cf7a3ee07a73c3ae88a020bf27ca1a667

CVE-2024-35368 – FFmpeg n7.0 is affected by a Double Free via the rkmpp_retrieve_frame function within libavcodec/rkmppdec.c.
Product: FFmpeg library
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-35368
NVD References:
– https://gist.github.com/1047524396/7e6e47220ae2b2d2fb4611f0d8a31ec5
– https://github.com/FFmpeg/FFmpeg/blob/n7.0/libavcodec/rkmppdec.c#L466
– https://github.com/ffmpeg/ffmpeg/commit/4513300989502090c4fd6560544dce399a8cd53c

CVE-2024-36610 – Symfony v7.0.3’s VarDumper module is vulnerable to deserialization attacks through the Stub class due to handling issues with null or uninitialized properties, allowing attackers to execute unauthorized code.
Product: Symfony VarDumper
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-36610
NVD References:
– https://gist.github.com/1047524396/24e93f2905850235e42ad7db6e878bd5
– https://github.com/symfony/symfony/blob/v7.0.3/src/Symfony/Component/VarDumper/Cloner/Stub.php#L53
– https://github.com/symfony/symfony/commit/3ffd495bb3cc4d2e24e35b2d83c5b909cab7e259

CVE-2024-53504 through CVE-2024-53507 – SQL injection vulnerabilities have been identified in Siyuan 3.1.11.
Product: Siyuan 3.1.11
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-53504
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-53505
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-53506
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-53507
NVD References:
– https://github.com/siyuan-note/siyuan/issues/13057
– https://github.com/siyuan-note/siyuan/issues/13058
– https://github.com/siyuan-note/siyuan/issues/13059
– https://github.com/siyuan-note/siyuan/issues/13060
– https://github.com/siyuan-note/siyuan/issues/13077
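Added example, not code from Zabbix, PHPGurukul or Siyuan: the SQL injection pattern behind CVE-2024-42327, CVE-2024-53604 and CVE-2024-53504 through CVE-2024-53507, shown against a constructed in-memory SQLite table. The table, its rows and the parameter names are invented for the illustration; the vulnerable and fixed lookups differ only in whether the request value is spliced into the query text or bound as a parameter.

```python
# Added example, not code from Zabbix, PHPGurukul or Siyuan: the SQL injection
# pattern behind CVE-2024-42327, CVE-2024-53604 and CVE-2024-53504..53507,
# shown against a constructed in-memory SQLite table.
import sqlite3

ALLOWED_SORT_COLUMNS = {"id", "mobnumber", "role"}


def make_db() -> sqlite3.Connection:
    """Constructed sample data standing in for an application's user table."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, mobnumber TEXT, role TEXT)"
    )
    conn.executemany(
        "INSERT INTO users (mobnumber, role) VALUES (?, ?)",
        [("5550100", "user"), ("5550101", "admin"), ("5550102", "user")],
    )
    return conn


def lookup_vulnerable(conn: sqlite3.Connection, mobnumber: str) -> list:
    """The bug class: the request parameter is spliced into the SQL text,
    so a quote in the value changes the structure of the query."""
    sql = f"SELECT id, role FROM users WHERE mobnumber = '{mobnumber}'"
    return conn.execute(sql).fetchall()


def lookup_fixed(conn: sqlite3.Connection, mobnumber: str) -> list:
    """Parameterised query: the driver binds the value; it is never parsed as SQL."""
    sql = "SELECT id, role FROM users WHERE mobnumber = ?"
    return conn.execute(sql, (mobnumber,)).fetchall()


def list_sorted(conn: sqlite3.Connection, sort_column: str) -> list:
    """Identifiers (column and table names) cannot be bound as parameters;
    the only safe option is an allowlist checked before the text is built."""
    if sort_column not in ALLOWED_SORT_COLUMNS:
        raise ValueError(f"unsupported sort column: {sort_column!r}")
    return conn.execute(f"SELECT id FROM users ORDER BY {sort_column}, id").fetchall()


# Classic tautology payload; any value containing a single quote breaks the
# vulnerable query, this one merely does so in a way that returns every row.
PAYLOAD = "' OR '1'='1"


def demo() -> dict:
    """Run both lookups against the same payload and report what comes back."""
    conn = make_db()
    return {
        "vulnerable_rows": len(lookup_vulnerable(conn, PAYLOAD)),  # every row
        "fixed_rows": len(lookup_fixed(conn, PAYLOAD)),            # no match
        "legitimate": lookup_fixed(conn, "5550101"),
    }


if __name__ == "__main__":
    print(demo())
```

The Zabbix entry is a reminder that "authenticated" is not a mitigation: the injection in the CUser class is reachable by any account with API access, so the fix is binding parameters, not restricting who may call the endpoint. The allowlisted ORDER BY column covers the case where injection sits in an identifier position, which parameter binding cannot address.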

CVE-2024-10905 – IdentityIQ is vulnerable to HTTP access to static content in its application directory that should be protected in versions 8.4 and prior.
Product: SailPoint IdentityIQ
CVSS Score: 10.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-10905
NVD References: https://www.sailpoint.com/security-advisories/

CVE-2024-46909 – WhatsUp Gold versions released before 2024.0.1 allow remote unauthenticated attackers to execute code using the service account.
Product: WhatsUp Gold
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-46909
NVD References:
– https://community.progress.com/s/article/WhatsUp-Gold-Security-Bulletin-September-2024
– https://docs.progress.com/bundle/whatsupgold-release-notes-24-0/page/WhatsUp-Gold-2024.0-Release-Notes.html
– https://www.progress.com/network-monitoring

CVE-2024-8785 – WhatsUp Gold versions released before 2024.0.1 allow a remote unauthenticated attacker to manipulate registry values via NmAPI.exe.
Product: WhatsUp Gold
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-8785
NVD References:
– https://community.progress.com/s/article/WhatsUp-Gold-Security-Bulletin-September-2024
– https://docs.progress.com/bundle/whatsupgold-release-notes-24-0/page/WhatsUp-Gold-2024.0-Release-Notes.html
– https://www.progress.com/network-monitoring

CVE-2024-10542 – The Spam protection, Anti-Spam, FireWall by CleanTalk plugin for WordPress is vulnerable to unauthorized Arbitrary Plugin Installation allowing for potential remote code execution.
Product: CleanTalk Spam protection, Anti-Spam, FireWall
Active Installations: 200,000+
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-10542
NVD References:
– https://plugins.trac.wordpress.org/browser/cleantalk-spam-protect/tags/6.43.2/lib/Cleantalk/ApbctWP/RemoteCalls.php#L41
– https://plugins.trac.wordpress.org/changeset/3179819/cleantalk-spam-protect#file631
– https://www.wordfence.com/threat-intel/vulnerabilities/id/d7eb5fad-bb62-4f0b-ad52-b16c3e442b62?source=cve

CVE-2024-11024 – The AppPresser Mobile App Framework plugin for WordPress is vulnerable to privilege escalation via account takeover due to improper validation of password reset codes.
Product: AppPresser Mobile App Framework plugin for WordPress
Active Installations: 1,000+
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-11024
NVD References:
– https://plugins.trac.wordpress.org/changeset/3192531/apppresser
– https://www.wordfence.com/threat-intel/vulnerabilities/id/43cb0399-4add-43d5-863c-30e11803bd90?source=cve

CVE-2024-11925 – The JobSearch WP Job Board plugin for WordPress allows unauthenticated attackers to gain admin privileges by exploiting a user_account_activation function flaw.
Product: JobSearch WP Job Board plugin
Active Installations: 6,000+
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-11925
NVD References:
– https://codecanyon.net/item/jobsearch-wp-job-board-wordpress-plugin/21066856
– https://www.wordfence.com/threat-intel/vulnerabilities/id/04bc8101-2676-4695-a498-f79be8221617?source=cve

CVE-2024-11082 – The Tumult Hype Animations plugin for WordPress is vulnerable to arbitrary file uploads, allowing authenticated attackers with Author-level access and above to upload malicious files and potentially execute remote code.
Product: Tumult Hype Animations
Active Installations: 1,000+
CVSS Score: 9.9
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-11082
NVD References:
– https://github.com/tumult/hype-wordpress-plugin/commit/1702d3d4fd0fae9cb9fc40cdfc3dfb8584d5f04c
– https://plugins.trac.wordpress.org/browser/tumult-hype-animations/trunk/includes/adminpanel.php#L277
– https://plugins.trac.wordpress.org/changeset/3197761/
– https://wordpress.org/plugins/tumult-hype-animations/#developers
– https://www.wordfence.com/threat-intel/vulnerabilities/id/be3a0b4b-cce5-4d78-99d5-697f2cf04427?source=cve

CVE-2024-11103 – The Contest Gallery plugin for WordPress allows for privilege escalation through account takeover in versions up to 24.0.7, enabling unauthenticated attackers to change passwords and gain access to any user account.
Product: Contest Gallery plugin for WordPress
Active Installations: 1,000+
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-11103
NVD References:
– https://plugins.trac.wordpress.org/browser/contest-gallery/trunk/v10/v10-admin/users/frontend/login/ajax/users-login-check-ajax-lost-password.php#L31
– https://plugins.trac.wordpress.org/browser/contest-gallery/trunk/v10/v10-admin/users/frontend/login/ajax/users-login-check-ajax-password-reset.php#L88
– https://plugins.trac.wordpress.org/changeset/3196011/contest-gallery/tags/24.0.8/v10/v10-admin/users/frontend/login/ajax/users-login-check-ajax-lost-password.php?old=3190068&old_path=contest-gallery%2Ftags%2F24.0.7%2Fv10%2Fv10-admin%2Fusers%2Ffrontend%2Flogin%2Fajax%2Fusers-login-check-ajax-lost-password.php
– https://www.wordfence.com/threat-intel/vulnerabilities/id/0df7f413-2631-46d9-8c0b-d66f05a02c01?source=cve
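Added example, not code from AppPresser, JobSearch or Contest Gallery: how a password-reset or account-activation code should be issued and checked, next to the loose comparison that lets a blank or guessed code through, the failure mode behind the account-takeover entries CVE-2024-11024, CVE-2024-11925 and CVE-2024-11103. The in-memory store, the TTL and the user ids are assumed stand-ins for the application's database and policy.

```python
# Added example, not code from AppPresser, JobSearch or Contest Gallery: how a
# password-reset (or account-activation) code should be issued and checked,
# next to the loose comparison that lets a blank or guessed code through.
# The in-memory store is an assumed stand-in for the application's database.
import hashlib
import hmac
import secrets
import time
from typing import Dict, Optional, Tuple

TOKEN_TTL_SECONDS = 15 * 60  # assumed policy


def weak_check(stored_code: Optional[str], supplied_code: str) -> bool:
    """The bug class: a plain equality test against whatever is stored.
    A user with no pending reset has an empty stored code, so an empty
    submission matches; a short numeric code is also brute-forceable."""
    return (stored_code or "") == supplied_code


def _digest(token: str) -> str:
    return hashlib.sha256(token.encode()).hexdigest()


class ResetStore:
    """Pending reset requests keyed by user id; only a hash of the token is kept,
    so a database read does not hand an attacker usable codes."""

    def __init__(self) -> None:
        self._pending: Dict[str, Tuple[str, float]] = {}

    def issue(self, user_id: str, now: Optional[float] = None) -> str:
        """Create a fresh high-entropy token, store its hash and expiry, and
        return the clear token once for delivery to the user's verified address."""
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(32)
        self._pending[user_id] = (_digest(token), now + TOKEN_TTL_SECONDS)
        return token

    def redeem(self, user_id: str, token: str, now: Optional[float] = None) -> bool:
        """Accept only a pending, unexpired token for this exact user, compare
        in constant time, and consume it so it cannot be replayed."""
        now = time.time() if now is None else now
        record = self._pending.get(user_id)
        if record is None or not token:
            return False
        digest, expires_at = record
        if now > expires_at:
            del self._pending[user_id]
            return False
        if not hmac.compare_digest(digest, _digest(token)):
            return False
        del self._pending[user_id]  # single use
        return True


if __name__ == "__main__":
    store = ResetStore()
    clear_token = store.issue("alice")
    print("blank code accepted by weak check:", weak_check(None, ""))
    print("blank code accepted by store:", store.redeem("alice", ""))
    print("real token accepted once:", store.redeem("alice", clear_token),
          "twice:", store.redeem("alice", clear_token))
```

The checks that matter in the three plugin entries are all present in `redeem`: the code is bound to one user (a token for one account cannot activate another), it cannot be empty, it is compared in constant time, it expires, and it is invalidated on first use.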

CVE-2024-8672 – The Widget Options (The #1 WordPress Widget & Block Control Plugin) plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 4.0.7 via the display logic functionality that extends several page builders, allowing authenticated attackers with Contributor-level access and above to execute code on the server.
Product: The Widget Options Widget & Block Control Plugin
Active Installations: 100,000+
CVSS Score: 9.9
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-8672
NVD References:
– https://plugins.trac.wordpress.org/browser/widget-options/trunk/includes/pagebuilders/beaver/beaver.php#L825
– https://plugins.trac.wordpress.org/browser/widget-options/trunk/includes/pagebuilders/elementor/render.php#L379
– https://plugins.trac.wordpress.org/browser/widget-options/trunk/includes/widgets/gutenberg/gutenberg-toolbar.php#L718
– https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3192921%40widget-options&new=3192921%40widget-options&sfp_email=&sfph_mail=
– https://www.wordfence.com/threat-intel/vulnerabilities/id/8d03af4d-a1f9-4c15-a62e-f4cdbcfc9af7?source=cve

CVE-2024-52475 – Wawp 3.0.18 and earlier versions are vulnerable to an Authentication Bypass using an Alternate Path or Channel.
Product: Automation Web Platform Wawp
Active Installations: 500+
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-52475
NVD References: https://patchstack.com/database/wordpress/plugin/automation-web-platform/vulnerability/wordpress-wawp-plugin-3-0-18-account-takeover-vulnerability?_s_id=cve

CVE-2024-52490 – Pathomation allows for the unrestricted upload of files with dangerous types, leading to the potential upload of a web shell onto a web server.
Product: Pathomation
Active Installations: 2,000+
CVSS Score: 10.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-52490
NVD References: https://patchstack.com/database/wordpress/plugin/pathomation/vulnerability/wordpress-pathomation-plugin-2-5-1-arbitrary-file-upload-vulnerability?_s_id=cve
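Added example, not code from OpenVidReview, Tumult, Pathomation or Interinfo: the checks an upload handler needs before anything touches disk, covering the unauthenticated, unrestricted and attacker-named uploads in CVE-2024-46054, CVE-2024-11082, CVE-2024-52490 and CVE-2024-11979. The role ranking, the minimum role, the size limit, the type allowlist and the sample file bytes are constructed for the illustration.

```python
# Added example, not code from OpenVidReview, Tumult, Pathomation or Interinfo:
# the checks an upload handler needs before anything touches disk, covering
# the unauthenticated, unrestricted and attacker-named uploads in
# CVE-2024-46054, CVE-2024-11082, CVE-2024-52490 and CVE-2024-11979.
# Role ordering, policy constants and sample bytes are constructed here.
import os
import secrets
from typing import Tuple

# Extension -> leading bytes the content must start with (an allowlist, not a
# denylist of "dangerous" extensions, which is what these plugins got wrong).
ALLOWED_TYPES = {
    "png": b"\x89PNG\r\n\x1a\n",
    "jpg": b"\xff\xd8\xff",
    "pdf": b"%PDF-",
}
ROLE_RANK = {"anonymous": 0, "subscriber": 1, "author": 2, "editor": 3, "admin": 4}
MIN_UPLOAD_ROLE = "editor"   # assumed policy; Author-level was enough in CVE-2024-11082
MAX_BYTES = 10 * 1024 * 1024  # assumed limit


def check_upload(filename: str, data: bytes, role: str) -> Tuple[bool, str]:
    """Return (accepted, reason_or_extension). Every rejection names the
    failed check so the outcome can be logged and tested."""
    if ROLE_RANK.get(role, 0) < ROLE_RANK[MIN_UPLOAD_ROLE]:
        return False, "insufficient role"
    if len(data) > MAX_BYTES:
        return False, "too large"
    # Drop any directory components the client sent ("../../x.png", "C:\\x.png").
    name = os.path.basename(filename.replace("\\", "/"))
    parts = name.lower().split(".")
    if len(parts) != 2 or not parts[0]:
        return False, "bad filename"  # also refuses double extensions such as shell.php.png
    ext = parts[1]
    magic = ALLOWED_TYPES.get(ext)
    if magic is None:
        return False, "extension not allowed"
    if not data.startswith(magic):
        return False, "content does not match extension"
    return True, ext


def storage_name(ext: str) -> str:
    """Server-chosen name: the client's filename never reaches the filesystem,
    which removes the path-traversal half of CVE-2024-11979 outright."""
    return f"{secrets.token_hex(16)}.{ext}"


# Constructed sample payloads.
PNG_BYTES = ALLOWED_TYPES["png"] + b"\x00" * 32
PHP_BYTES = b"<?php echo 1; ?>"

if __name__ == "__main__":
    for fname, data, role in [
        ("cat.png", PNG_BYTES, "editor"),
        ("cat.png", PNG_BYTES, "anonymous"),
        ("shell.php", PHP_BYTES, "admin"),
        ("shell.png", PHP_BYTES, "admin"),
        ("../../etc/cron.d/x.png", PNG_BYTES, "admin"),
    ]:
        ok, why = check_upload(fname, data, role)
        print(f"{fname:26} {role:10} -> {'stored as ' + storage_name(why) if ok else why}")
```

Two caveats a reviewer would add: the magic-byte test stops a PHP file renamed to `.png`, but a polyglot that is both a valid image and valid script still needs the upload directory served with script execution disabled; and the role gate belongs in the handler itself, not only in the admin UI that links to it, since the OpenVidReview route was reachable without any session at all.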

Wildcard SSL