The Cyber Threat Intelligence Database

sy64

Cookieless DuoDrop: IIS Auth Bypass & App Pool Privesc in ASP.NET Framework (CVE-2023-36899 & CVE-2023-36560)

https://soroush.me/blog/2023/08/cookieless-duodrop-iis-auth-bypass-app-pool-privesc-in-asp-net-framework-cve-2023-36899/

sy64

CVE-2023-2729

Synology NAS DSM Account Takeover: When Random is not Secure

https://claroty.com/team82/research/synology-nas-dsm-account-takeover-when-random-is-not-secure

sy64

The Path to the Cloud is Filled with Holes: Exploiting 4G Edge Routers

CVE-2023-33375、CVE-2023-33376、CVE-2023-33377 和 CVE-2023-33378

https://claroty.com/team82/research/the-path-to-the-cloud-is-filled-with-holes-exploiting-4g-edge-routers

sy64

VMware ESXi, Workstation, and Fusion updates address multiple security vulnerabilities (CVE-2024-22252, CVE-2024-22253, CVE-2024-22254, CVE-2024-22255)

VMware ESXi
VMware Workstation Pro / Player (Workstation)
VMware Fusion Pro / Fusion (Fusion)
VMware Cloud Foundation (Cloud Foundation)

https://www.vmware.com/security/advisories/VMSA-2024-0006.html

sy64

CVE-2024-21338 Microsoft Windows Kernel Exposed IOCTL with Insufficient Access Control Vulnerability LPE

sy64

CVE-2024-22319: JNDI Injection RCE in IBM ODM

IBM Operational Decision Manager 8.10.3, 8.10.4, 8.10.5.1, 8.11, 8.11.0.1, and 8.12.0.1 is susceptible to remote code execution attack via JNDI injection when passing an unchecked argument to a certain API. IBM X-Force ID: 279145.

https://www.vicarius.io/vsociety/posts/unveiling-cve-2024-22319-a-novices-journey-of-a-whitebox-pentest-from-nothing-to-everything-jndi-injection-rce-in-ibm-odm

https://labs.watchtowr.com/double-k-o-rce-in-ibm-operation-decision-manager/

sy64

CVE-2023-36884 MS Office and Windows HTML RCE

https://www.vicarius.io/vsociety/posts/ms-office-and-windows-html-rce-cve-2023-36884-36885

sy64

CVE-2023-33012

Zyxel VPN Series Pre-auth Remote Command Execution

Zyxel VPN firewall (VPN50, VPN100, VPN300, VPN500, VPN1000)

https://ssd-disclosure.com/ssd-advisory-zyxel-vpn-series-pre-auth-remote-command-execution/

sy64

CVE-2023-31998

A vulnerability in EdgeRouters’s and AirCube’s miniupnpd allows LAN attackers to cause the service to overflow an internal heap and potentially execute arbitrary code.

https://ssd-disclosure.com/ssd-advisory-edgerouters-and-aircube-miniupnpd-heap-overflow/

sy64

CVE-2023-36899
/WebForm/(S(X))/prot/(S(X))ected/target1.aspx
/WebForm/(S(X))/b/(S(X))in/target2.aspx

CVE-2023-36560
/WebForm/pro/(S(X))tected/target1.aspx/(S(X))/
/WebForm/b/(S(X))in/target2.aspx/(S(X))/

https://swarm.ptsecurity.com/source-code-disclosure-in-asp-net-apps/

sy64

Affected Product Fixed Version
QTS 5.1.x QTS 5.1.3.2578 build 20231110 and later
QTS 4.5.x QTS 4.5.4.2627 build 20231225 and later
QuTS hero h5.1.x QuTS hero h5.1.3.2578 build 20231110 and later
QuTS hero h4.5.x QuTS hero h4.5.4.2626 build 20231225 and later
QuTScloud c5.x QuTScloud c5.1.5.2651 and later
myQNAPcloud 1.0.x myQNAPcloud 1.0.52 (2023/11/24) and later

CVE-2024-21899: If exploited, the improper authentication vulnerability could allow users to compromise the security of the system via a network.
CVE-2024-21900: If exploited, the injection vulnerability could allow authenticated users to execute commands via a network.
CVE-2024-21901: If exploited, the SQL injection vulnerability could allow authenticated administrators to inject malicious code via a network.

https://www.qnap.com/en/security-advisory/qsa-24-09

sy64

Google Chrome V8 CVE-2024-0517 Out-of-Bounds Write Code Execution

https://blog.exodusintel.com/2024/01/19/google-chrome-v8-cve-2024-0517-out-of-bounds-write-code-execution/

sy64

Jenkins CVE-2024-23897: Arbitrary File Read Vulnerability Leading to RCE

https://hackyboiz.github.io/2024/03/04/ogu123/cve-2024-23897/

https://github.com/h4x0r-dz/CVE-2024-23897

sy64

CVE-2023-36407

Windows Hyper-V Elevation of Privilege Vulnerability

https://hackyboiz.github.io/2024/03/11/pwndorei/newjeans-hyper-v-pt6/

sy64

CVE-2024-2184 affects Canon Color imageCLASS, i-SENSYS, Satera, and Laser Printer models:

Color imageCLASS/imageCLASS/i-SENSYS/Satera LBP660C/620C Series, Color imageCLASS X LBP1127C, C1127P firmware v12.07 and earlier
Color imageCLASS/imageCLASS/i-SENSYS/Satera LBP670C Series, Color imageCLASS X LBP1333C, C1333P firmware v03.09 and earlier
Color imageCLASS/imageCLASS/i-SENSYS/Satera MF740C/640C Series, Color imageCLASS X MF1127C, C1127i/iF firmware v12.07 and earlier
Color imageCLASS/imageCLASS/i-SENSYS/Satera MF750C Series, Color imageCLASS X MF1333C, C1333i/iF firmware v03.09 and earlier

https://psirt.canon/advisory-information/cp2024-002/

sy64

CVE-2024-21378

Remote Code Execution in Microsoft Outlook

https://www.netspi.com/blog/technical/red-team-operations/microsoft-outlook-remote-code-execution-cve-2024-21378/

sy64

CVE-2024-1708: Path-Traversal Vulnerability
CVE-2024-1709: Authentication Bypass Using an Alternate Path or Channel

ConnectWise ScreenConnect 23.9.7

https://www.trendmicro.com/en_us/research/24/b/threat-actor-groups-including-black-basta-are-exploiting-recent-.html

https://www.mandiant.com/resources/blog/connectwise-screenconnect-hardening-remediation

sy64

Synacktiv Ricoh Device

Manager NX (DMNX):
• A pre-authentication arbitrary file read.
• A post-authentication arbitrary file upload.

Since August 2022, the DMNX product is out of support. The latest public release r98942 is also
affected.

https://www.synacktiv.com/sites/default/files/2024-03/synacktiv-ricoh_dmnx-multiple-vulnerabilities.pdf

sy64

CVE-2019-11580

https://github.com/jas502n/CVE-2019-11580

Atlassian Crowd and Crowd Data Center had the pdkinstall development plugin incorrectly enabled in release builds. Attackers who can send unauthenticated or authenticated requests to a Crowd or Crowd Data Center instance can exploit this vulnerability to install arbitrary plugins, which permits remote code execution on systems running a vulnerable version of Crowd or Crowd Data Center. All versions of Crowd from version 2.1.0 before 3.0.5 (the fixed version for 3.0.x), from version 3.1.0 before 3.1.6 (the fixed version for 3.1.x), from version 3.2.0 before 3.2.8 (the fixed version for 3.2.x), from version 3.3.0 before 3.3.5 (the fixed version for 3.3.x), and from version 3.4.0 before 3.4.4 (the fixed version for 3.4.x) are affected by this vulnerability.

https://infosecwriteups.com/from-recon-to-optimizing-rce-results-simple-story-with-one-of-the-biggest-ict-company-in-the-ea710bca487a

sy64

CVE-2023-20078 catalogs an unauthenticated command injection vulnerability in the web-based management interface of Cisco 6800, 7800, and 8800 Series IP Phones with Multiplatform Firmware installed;

https://securityintelligence.com/x-force/cve-2023-20078-technical-analysis/