Customer portal
Articles Tagged with

SOS Intelligence

"SOS
CVE Top 10

The SOS Intelligence CVE Chatter Weekly Top Ten – 17 February 2025

by Amir Hadzipasic
February 17, 2025

 

This weekly blog post is from via our unique intelligence collection pipelines. We are your eyes and ears online, including the Dark Web.

There are thousands of vulnerability discussions each week. SOS Intelligence gathers a list of the most discussed Common Vulnerabilities and Exposures (CVE) online for the previous week.

We make every effort to ensure the accuracy of the data presented. As this is an automated process some errors may creep in.

If you are feeling generous please do make us aware of anything you spot, feel free to follow us on Twitter @sosintel and DM us. Thank you!

 

 

1.  CVE-2024-10687

The Photos, Files, YouTube, Twitter, Instagram, TikTok, Ecommerce Contest Gallery – Upload, Vote, Sell via PayPal, Social Share Buttons plugin for WordPress is vulnerable to time-based SQL Injection via the $collectedIds parameter in all versions up to, and including, 24.0.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.

https://nvd.nist.gov/vuln/detail/CVE-2024-10687

 

 

2. CVE-2024-21060

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Data Dictionary). Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

https://nvd.nist.gov/vuln/detail/CVE-2024-21060

 

 

3. CVE-2025-23086

On most desktop platforms, Brave Browser versions 1.70.x-1.73.x included a feature to show a site’s origin on the OS-provided file selector dialog when a site prompts the user to upload or download a file. However the origin was not correctly inferred in some cases. When combined with an open redirector vulnerability on a trusted site, this could allow a malicious site to initiate a download whose origin in the file select dialog appears as the trusted site which initiated the redirect.

https://nvd.nist.gov/vuln/detail/CVE-2025-23086

 

 

4. CVE-2025-23359

NVIDIA Container Toolkit for Linux contains a Time-of-Check Time-of-Use (TOCTOU) vulnerability when used with default configuration, where a crafted container image could gain access to the host file system. A successful exploit of this vulnerability might lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering.

https://nvd.nist.gov/vuln/detail/CVE-2025-23359

 

 

5. CVE-2024-21413

Microsoft Outlook Remote Code Execution Vulnerability

https://nvd.nist.gov/vuln/detail/CVE-2024-21413

 

 

6. CVE-2024-10914

A vulnerability was found in D-Link DNS-320, DNS-320LW, DNS-325 and DNS-340L up to 20241028. It has been declared as critical. Affected by this vulnerability is the function cgi_user_add of the file /cgi-bin/account_mgr.cgi?cmd=cgi_user_add. The manipulation of the argument name leads to os command injection. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used.

https://nvd.nist.gov/vuln/detail/CVE-2024-10914

 

 

7. CVE-2025-24085

A use after free issue was addressed with improved memory management. This issue is fixed in visionOS 2.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. A malicious application may be able to elevate privileges. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 17.2.

https://nvd.nist.gov/vuln/detail/CVE-2025-24085

 

 

8. CVE-2025-21418

Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability

https://nvd.nist.gov/vuln/detail/CVE-2025-21418

 

 

9. CVE-2024-42010

mod_css_styles in Roundcube through 1.5.7 and 1.6.x through 1.6.7 insufficiently filters Cascading Style Sheets (CSS) token sequences in rendered e-mail messages, allowing a remote attacker to obtain sensitive information.

https://nvd.nist.gov/vuln/detail/CVE-2024-42010

 

 

10. CVE-2025-21376

Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability

https://nvd.nist.gov/vuln/detail/CVE-2025-21376

 

"SOS
CVE Top 10

The SOS Intelligence CVE Chatter Weekly Top Ten – 10 February 2025

by Amir Hadzipasic
February 10, 2025

 

This weekly blog post is from via our unique intelligence collection pipelines. We are your eyes and ears online, including the Dark Web.

There are thousands of vulnerability discussions each week. SOS Intelligence gathers a list of the most discussed Common Vulnerabilities and Exposures (CVE) online for the previous week.

We make every effort to ensure the accuracy of the data presented. As this is an automated process some errors may creep in.

If you are feeling generous please do make us aware of anything you spot, feel free to follow us on Twitter @sosintel and DM us. Thank you!

 

 

1.  CVE-2024-10687

The Photos, Files, YouTube, Twitter, Instagram, TikTok, Ecommerce Contest Gallery – Upload, Vote, Sell via PayPal, Social Share Buttons plugin for WordPress is vulnerable to time-based SQL Injection via the $collectedIds parameter in all versions up to, and including, 24.0.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.

https://nvd.nist.gov/vuln/detail/CVE-2024-10687

 

 

2. CVE-2024-0519

Out of bounds memory access in V8 in Google Chrome prior to 120.0.6099.224 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

https://nvd.nist.gov/vuln/detail/CVE-2024-0519

 

 

3. CVE-2023-33063

Memory corruption in DSP Services during a remote call from HLOS to DSP.

https://nvd.nist.gov/vuln/detail/CVE-2023-33063

 

 

4. CVE-2024-21351

Windows SmartScreen Security Feature Bypass Vulnerability

https://nvd.nist.gov/vuln/detail/CVE-2024-21351

 

 

5. CVE-2024-53104

In the Linux kernel, the following vulnerability has been resolved:

media: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED in uvc_parse_format

This can lead to out of bounds writes since frames of this type were not
taken into account when calculating the size of the frames buffer in
uvc_parse_streaming.

https://nvd.nist.gov/vuln/detail/CVE-2024-53104

 

 

6. CVE-2024-21060

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Data Dictionary). Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

https://nvd.nist.gov/vuln/detail/CVE-2024-21060

 

 

7. CVE-2024-55591

An Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-288] affecting FortiOS version 7.0.0 through 7.0.16 and FortiProxy version 7.0.0 through 7.0.19 and 7.2.0 through 7.2.12 allows a remote attacker to gain super-admin privileges via crafted requests to Node.js websocket module.

https://nvd.nist.gov/vuln/detail/CVE-2024-55591

 

 

8. CVE-2024-3807

The Porto theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 7.1.0 via ‘porto_page_header_shortcode_type’, ‘slideshow_type’ and ‘post_layout’ post meta. This makes it possible for authenticated attackers, with contributor-level and above permissions, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where php file type can be uploaded and included. This was partially patched in version 7.1.0 and fully patched in version 7.1.1.

https://nvd.nist.gov/vuln/detail/CVE-2024-3807

 

 

9. CVE-2024-21413

Microsoft Outlook Remote Code Execution Vulnerability

https://nvd.nist.gov/vuln/detail/CVE-2024-21413

 

 

10. CVE-2016-20017

D-Link DSL-2750B devices before 1.05 allow remote unauthenticated command injection via the login.cgi cli parameter, as exploited in the wild in 2016 through 2022.

https://nvd.nist.gov/vuln/detail/CVE-2016-20017

 

"Cybersecurity"/
SOS Intelligence Webinar

Livestream: Top 5 Cybersecurity Concerns for 2025

by Amir Hadzipasic
February 5, 2025

What Security Professionals Need to Know

For our first webinar of 2025 we are going to be discussing a number of key topics that will impact us all this year and in the future.

What we will cover:

  • AI-Powered Cyber Attacks
  • Advanced Ransomware Techniques
  • Zero-Day Vulnerabilities
  • Insider Threats
  • Geopolitical Tensions and State-Sponsored Attacks

We will also be looking at the important Mitigation Strategies and Best Practices to try and counter these threats. There will be plenty of time for questions and discussion too. We are going to have a lot to discuss!

We are recording the session so if you sign up and are not able to make it, you will be sent a replay.

Sign up takes seconds, just click the button below.

SIGN UP HERE

Photo by FlyD on Unsplash

"SOS
CVE Top 10

The SOS Intelligence CVE Chatter Weekly Top Ten – 03 February 2025

by Amir Hadzipasic
February 3, 2025

 

This weekly blog post is from via our unique intelligence collection pipelines. We are your eyes and ears online, including the Dark Web.

There are thousands of vulnerability discussions each week. SOS Intelligence gathers a list of the most discussed Common Vulnerabilities and Exposures (CVE) online for the previous week.

We make every effort to ensure the accuracy of the data presented. As this is an automated process some errors may creep in.

If you are feeling generous please do make us aware of anything you spot, feel free to follow us on Twitter @sosintel and DM us. Thank you!

 

 

1.  CVE-2024-10687

The Photos, Files, YouTube, Twitter, Instagram, TikTok, Ecommerce Contest Gallery – Upload, Vote, Sell via PayPal, Social Share Buttons plugin for WordPress is vulnerable to time-based SQL Injection via the $collectedIds parameter in all versions up to, and including, 24.0.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.

https://nvd.nist.gov/vuln/detail/CVE-2024-10687

 

 

2. CVE-2017-0144

The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows remote attackers to execute arbitrary code via crafted packets, aka “Windows SMB Remote Code Execution Vulnerability.” This vulnerability is different from those described in CVE-2017-0143, CVE-2017-0145, CVE-2017-0146, and CVE-2017-0148.

https://nvd.nist.gov/vuln/detail/CVE-2017-0144

 

 

3. CVE-2023-39910

The cryptocurrency wallet entropy seeding mechanism used in Libbitcoin Explorer 3.0.0 through 3.6.0 is weak, aka the Milk Sad issue. The use of an mt19937 Mersenne Twister PRNG restricts the internal entropy to 32 bits regardless of settings. This allows remote attackers to recover any wallet private keys generated from “bx seed” entropy output and steal funds. (Affected users need to move funds to a secure new cryptocurrency wallet.) NOTE: the vendor’s position is that there was sufficient documentation advising against “bx seed” but others disagree. NOTE: this was exploited in the wild in June and July 2023.

https://nvd.nist.gov/vuln/detail/CVE-2023-39910

 

 

4. CVE-2024-55591

An Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-288] affecting FortiOS version 7.0.0 through 7.0.16 and FortiProxy version 7.0.0 through 7.0.19 and 7.2.0 through 7.2.12 allows a remote attacker to gain super-admin privileges via crafted requests to Node.js websocket module.

https://nvd.nist.gov/vuln/detail/CVE-2024-55591

 

 

5. CVE-2024-3807

The Porto theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 7.1.0 via ‘porto_page_header_shortcode_type’, ‘slideshow_type’ and ‘post_layout’ post meta. This makes it possible for authenticated attackers, with contributor-level and above permissions, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where php file type can be uploaded and included. This was partially patched in version 7.1.0 and fully patched in version 7.1.1.

https://nvd.nist.gov/vuln/detail/CVE-2024-3807

 

 

6. CVE-2024-3806

The Porto theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 7.1.0 via the ‘porto_ajax_posts’ function. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where php file type can be uploaded and included.

https://nvd.nist.gov/vuln/detail/CVE-2024-3806

 

 

7. CVE-2024-0311

A malicious insider can bypass the existing policy of Skyhigh Client Proxy without a valid release code.

https://nvd.nist.gov/vuln/detail/CVE-2024-0311

 

 

8. CVE-2023-6875

The POST SMTP Mailer – Email log, Delivery Failure Notifications and Best Mail SMTP for WordPress plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a type juggling issue on the connect-app REST endpoint in all versions up to, and including, 2.8.7. This makes it possible for unauthenticated attackers to reset the API key used to authenticate to the mailer and view logs, including password reset emails, allowing site takeover.

https://nvd.nist.gov/vuln/detail/CVE-2023-6875

 

 

9. CVE-2025-21262

User Interface (UI) Misrepresentation of Critical Information in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network

https://nvd.nist.gov/vuln/detail/CVE-2025-21262

 

 

10. CVE-2020-14882

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

https://nvd.nist.gov/vuln/detail/CVE-2020-14882

 

"SOS
CVE Top 10

The SOS Intelligence CVE Chatter Weekly Top Ten – 27 January 2025

by Amir Hadzipasic
January 27, 2025

 

This weekly blog post is from via our unique intelligence collection pipelines. We are your eyes and ears online, including the Dark Web.

There are thousands of vulnerability discussions each week. SOS Intelligence gathers a list of the most discussed Common Vulnerabilities and Exposures (CVE) online for the previous week.

We make every effort to ensure the accuracy of the data presented. As this is an automated process some errors may creep in.

If you are feeling generous please do make us aware of anything you spot, feel free to follow us on Twitter @sosintel and DM us. Thank you!

 

 

1.  CVE-2024-10687

The Photos, Files, YouTube, Twitter, Instagram, TikTok, Ecommerce Contest Gallery – Upload, Vote, Sell via PayPal, Social Share Buttons plugin for WordPress is vulnerable to time-based SQL Injection via the $collectedIds parameter in all versions up to, and including, 24.0.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.

https://nvd.nist.gov/vuln/detail/CVE-2024-10687

 

 

2. CVE-2024-21060

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Data Dictionary). Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

https://nvd.nist.gov/vuln/detail/CVE-2024-21060

 

 

3. CVE-2021-44228

Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects.

https://nvd.nist.gov/vuln/detail/CVE-2021-44228

 

 

4. CVE-2024-9935

The PDF Generator Addon for Elementor Page Builder plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.7.5 via the rtw_pgaepb_dwnld_pdf() function. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive information.

https://nvd.nist.gov/vuln/detail/CVE-2024-9935

 

 

5. CVE-2024-0311

A malicious insider can bypass the existing policy of Skyhigh Client Proxy without a valid release code.

https://nvd.nist.gov/vuln/detail/CVE-2024-0311

 

 

6. CVE-2025-0282

A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.5, Ivanti Policy Secure before version 22.7R1.2, and Ivanti Neurons for ZTA gateways before version 22.7R2.3 allows a remote unauthenticated attacker to achieve remote code execution.

https://nvd.nist.gov/vuln/detail/CVE-2025-0282

 

 

7. CVE-2018-17144

Bitcoin Core 0.14.x before 0.14.3, 0.15.x before 0.15.2, and 0.16.x before 0.16.3 and Bitcoin Knots 0.14.x through 0.16.x before 0.16.3 allow a remote denial of service (application crash) exploitable by miners via duplicate input. An attacker can make bitcoind or Bitcoin-Qt crash.

https://nvd.nist.gov/vuln/detail/CVE-2018-17144

 

 

8. CVE-2020-8516

The daemon in Tor through 0.4.1.8 and 0.4.2.x through 0.4.2.6 does not verify that a rendezvous node is known before attempting to connect to it, which might make it easier for remote attackers to discover circuit information. NOTE: The network team of Tor claims this is an intended behavior and not a vulnerability

https://nvd.nist.gov/vuln/detail/CVE-2020-8516

 

 

9. CVE-2024-12987

A vulnerability, which was classified as critical, was found in DrayTek Vigor2960 and Vigor300B 1.5.1.4. Affected is an unknown function of the file /cgi-bin/mainfunction.cgi/apmcfgupload of the component Web Management Interface. The manipulation of the argument session leads to os command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.5.1.5 is able to address this issue. It is recommended to upgrade the affected component.

https://nvd.nist.gov/vuln/detail/CVE-2024-12987

 

 

10. CVE-2023-34990

A relative path traversal in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows attacker to execute unauthorized code or commands via specially crafted web requests.

https://nvd.nist.gov/vuln/detail/CVE-2023-34990

 

"Flash
Flash Alert

⚡ Flash Alert ⚡ Active Exploitation of CVE-2025-23006 in SonicWall SMA 1000 Appliances

by Daniel Collyer
January 23, 2025

Summary

CVE-2025-23006, a critical vulnerability in SonicWall’s Secure Mobile Access (SMA) 1000 Series appliances, is actively being exploited in the wild as a zero-day threat. This flaw allows unauthenticated attackers to execute arbitrary operating system commands via pre-authentication deserialisation of untrusted data. SonicWall has released patches to address this vulnerability and urges immediate action to mitigate the risk.

Key Details

  • Vulnerability: CVE-2025-23006
  • CVSS Score: 9.8 (Critical)
  • Affected Products:
    • SonicWall SMA 1000 Series appliances running version 12.4.3-02804 (platform-hotfix) and earlier.
    • SonicWall Firewall and SMA 100 series products are not impacted.
  • Attack Vector: The vulnerability resides in the Appliance Management Console (AMC) and Central Management Console (CMC) of SMA 1000 devices. Remote, unauthenticated attackers can exploit this flaw to execute operating system commands, potentially compromising the affected systems.
  • Discovery: The vulnerability was reported to SonicWall’s Product Security Incident Response Team (PSIRT) by the Microsoft Threat Intelligence Center (MSTIC), which has also observed indications of its exploitation by advanced threat actors.

Potential Impact

  1. Remote Code Execution (RCE): Successful exploitation enables attackers to gain complete control over the targeted SMA 1000 appliance.
  2. Threat Landscape: Evidence suggests the vulnerability is being actively exploited as a zero-day in real-world attacks. Advanced Persistent Threat (APT) groups could leverage this flaw for data exfiltration, lateral movement within networks, and potentially as a launch point for broader attacks.
  3. Operational Downtime: Organizations relying on SMA 1000 appliances may face disruptions in secure remote access functionality if systems are compromised.

Detailed Exploitation in the Wild

  • Exploitation Reports: SonicWall PSIRT has received intelligence that CVE-2025-23006 has been exploited in active attacks. According to reports from security researchers (Microsoft Threat Intelligence Center), threat actors are using the vulnerability to compromise vulnerable systems remotely.
  • Observed Activity: Exploitation is linked to initial access campaigns targeting organisations’ secure access infrastructure. Specific details of the attack chain have not been disclosed publicly, but the pre-authentication nature of the flaw suggests minimal prerequisites for successful exploitation.
  • Indicators of Compromise (IoCs): While IoCs for this exploitation have not yet been published, organisations should monitor logs for suspicious activity targeting the AMC and CMC interfaces of SMA 1000 appliances.

Recommendations

Patch Immediately:
Upgrade to version 12.4.3-02854 (platform-hotfix) or later, as released by SonicWall to address this vulnerability (SonicWall Advisory).

Restrict Access:
Limit access to the AMC and CMC interfaces to trusted IP addresses only.
Implement network segmentation to isolate critical systems.

Monitor for IoCs:
Review access logs for anomalous activity targeting AMC and CMC endpoints.
Look for signs of unauthorised command execution or lateral movement attempts.

Enhance Detection Capabilities:
Deploy intrusion detection systems (IDS) or intrusion prevention systems (IPS) to monitor traffic to and from affected devices.
Update endpoint detection and response (EDR) signatures to detect exploitation attempts.

Conduct Risk Assessments:
Evaluate the role of SMA 1000 appliances within your network architecture and ensure critical systems are appropriately protected.

Stay Updated:
Monitor SonicWall’s advisory page and reputable security sources for additional guidance and IoCs.

"SOS
CVE Top 10

The SOS Intelligence CVE Chatter Weekly Top Ten – 20 January 2025

by Amir Hadzipasic
January 20, 2025

 

This weekly blog post is from via our unique intelligence collection pipelines. We are your eyes and ears online, including the Dark Web.

There are thousands of vulnerability discussions each week. SOS Intelligence gathers a list of the most discussed Common Vulnerabilities and Exposures (CVE) online for the previous week.

We make every effort to ensure the accuracy of the data presented. As this is an automated process some errors may creep in.

If you are feeling generous please do make us aware of anything you spot, feel free to follow us on Twitter @sosintel and DM us. Thank you!

 

 

1.  CVE-2024-10687

The Photos, Files, YouTube, Twitter, Instagram, TikTok, Ecommerce Contest Gallery – Upload, Vote, Sell via PayPal, Social Share Buttons plugin for WordPress is vulnerable to time-based SQL Injection via the $collectedIds parameter in all versions up to, and including, 24.0.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.

https://nvd.nist.gov/vuln/detail/CVE-2024-10687

 

 

2. CVE-2024-21060

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Data Dictionary). Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

https://nvd.nist.gov/vuln/detail/CVE-2024-21060

 

 

3. CVE-2021-44228

Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects.

https://nvd.nist.gov/vuln/detail/CVE-2021-44228

 

 

4. CVE-2020-5902

In BIG-IP versions 15.0.0-15.1.0.3, 14.1.0-14.1.2.5, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, the Traffic Management User Interface (TMUI), also referred to as the Configuration utility, has a Remote Code Execution (RCE) vulnerability in undisclosed pages.

https://nvd.nist.gov/vuln/detail/CVE-2020-5902

 

 

5. CVE-2023-34124

The authentication mechanism in SonicWall GMS and Analytics Web Services had insufficient checks, allowing authentication bypass. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions.

https://nvd.nist.gov/vuln/detail/CVE-2023-34124

 

 

6. CVE-2021-27065

Microsoft Exchange Server Remote Code Execution Vulnerability

https://nvd.nist.gov/vuln/detail/CVE-2021-27065

 

 

7. CVE-2024-5630

The Insert or Embed Articulate Content into WordPress plugin before 4.3000000024 does not prevent authors from uploading arbitrary files to the site, which may allow them to upload PHP shells on affected sites.

https://nvd.nist.gov/vuln/detail/CVE-2024-5630

 

 

8. CVE-2024-45387

An SQL injection vulnerability in Traffic Ops in Apache Traffic Control <= 8.0.1, >= 8.0.0 allows a privileged user with role “admin”, “federation”, “operations”, “portal”, or “steering” to execute arbitrary SQL against the database by sending a specially-crafted PUT request.

Users are recommended to upgrade to version Apache Traffic Control 8.0.2 if you run an affected version of Traffic Ops.

https://nvd.nist.gov/vuln/detail/CVE-2024-45387

 

 

9. CVE-2023-3460

The Ultimate Member WordPress plugin before 2.6.7 does not prevent visitors from creating user accounts with arbitrary capabilities, effectively allowing attackers to create administrator accounts at will. This is actively being exploited in the wild.

https://nvd.nist.gov/vuln/detail/CVE-2023-3460

 

 

10. CVE-2020-1472

An elevation of privilege vulnerability exists when an attacker establishes a vulnerable Netlogon secure channel connection to a domain controller, using the Netlogon Remote Protocol (MS-NRPC). An attacker who successfully exploited the vulnerability could run a specially crafted application on a device on the network.
To exploit the vulnerability, an unauthenticated attacker would be required to use MS-NRPC to connect to a domain controller to obtain domain administrator access.
Microsoft is addressing the vulnerability in a phased two-part rollout. These updates address the vulnerability by modifying how Netlogon handles the usage of Netlogon secure channels.
For guidelines on how to manage the changes required for this vulnerability and more information on the phased rollout, see How to manage the changes in Netlogon secure channel connections associated with CVE-2020-1472 (updated September 28, 2020).
When the second phase of Windows updates become available in Q1 2021, customers will be notified via a revision to this security vulnerability. If you wish to be notified when these updates are released, we recommend that you register for the security notifications mailer to be alerted of content changes to this advisory. See Microsoft Technical Security Notifications.

https://nvd.nist.gov/vuln/detail/CVE-2020-1472

 

"Breached
Flash Alert

⚡ Flash Alert ⚡Breached Fortinet Config Data Released

by Daniel Collyer
January 16, 2025

FLASH ALERT – Breached Fortinet Config Data Released

On Tuesday, 14 January 2025, a threat group known as “BELSEN GROUP” publicly released 1.4GB of config data for FortiGate, impacting over 15,000 credentials.  The data was advertised on Breach Forums, and given away for free via the group’s onion site.

Security researcher Kevin Beaumont reviewed the data and confirmed its authenticity.  Given artifacts left over in the data, it is believed this data was breached due to exploiting CVE-2022-40684, a FortiGate firewall vulnerability exposed in October 2022.  While a patch has since been released, it is suspected this data was obtained before the vulnerability was patched.

Event Timeline:

  1. 2022 Incident: Fortinet disclosed CVE-2022-40684, a zero-day vulnerability in Fortigate firewalls actively exploited by attackers. Organisations were urged to patch immediately.
  2. January 2025: Threat group “BELSEN GROUP” publicly released a dataset containing configurations for over 15,000 Fortigate devices.

Key Details of the Data Dump:

  • Contents:
    • Usernames and passwords: Some stored in plaintext.
    • Device management digital certificates.
    • Complete firewall rules.
    • VPN user lists.
  • Verification: Security researcher Kevin Beaumont confirmed the dump’s authenticity by cross-referencing Shodan data with serial numbers from the release.
  • Data Origin: Exploitation of the CVE-2022-40684 vulnerability in 2022. The data was likely stolen in October 2022 but only disclosed publicly in January 2025.

Potential Impacts

  • Immediate Risk:
    • Organisations exploited in 2022 (even if they patched later) now face exposure of critical data.
    • Public availability of device configurations significantly increases the risk of further attacks.
  • Exposure Scope:
    • Detailed network architectures and user credentials are now accessible to malicious actors.
    • Organisations must assess the compromise of VPN and administrative credentials.

Recommendations

  1. Immediate Actions:
    • Verify if your organisation’s IPs are part of the affected list (to be published by researchers).
    • Change all device credentials, including admin and VPN users.
    • Reassess firewall rules and configurations for potential abuse.
  2. Long-term Mitigation:
  1. Confirm patches for CVE-2022-40684 were applied.
  2. Evaluate additional layers of defence to prevent exploitation of similar vulnerabilities.
  3. Incident Response:
  1. Conduct forensic analysis if affected to determine the extent of historical exploitation.
  2. Engage with security vendors for remediation and further threat intelligence.
"SOS
CVE Top 10

The SOS Intelligence CVE Chatter Weekly Top Ten – 13 January 2025

by Amir Hadzipasic
January 13, 2025

 

This weekly blog post is from via our unique intelligence collection pipelines. We are your eyes and ears online, including the Dark Web.

There are thousands of vulnerability discussions each week. SOS Intelligence gathers a list of the most discussed Common Vulnerabilities and Exposures (CVE) online for the previous week.

We make every effort to ensure the accuracy of the data presented. As this is an automated process some errors may creep in.

If you are feeling generous please do make us aware of anything you spot, feel free to follow us on Twitter @sosintel and DM us. Thank you!

 

 

1.  CVE-2024-10687

The Photos, Files, YouTube, Twitter, Instagram, TikTok, Ecommerce Contest Gallery – Upload, Vote, Sell via PayPal, Social Share Buttons plugin for WordPress is vulnerable to time-based SQL Injection via the $collectedIds parameter in all versions up to, and including, 24.0.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.

https://nvd.nist.gov/vuln/detail/CVE-2024-10687

 

 

2. CVE-2024-21060

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Data Dictionary). Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

https://nvd.nist.gov/vuln/detail/CVE-2024-21060

 

 

3. CVE-2023-41990

The issue was addressed with improved handling of caches. This issue is fixed in tvOS 16.3, iOS 16.3 and iPadOS 16.3, macOS Monterey 12.6.8, macOS Big Sur 11.7.9, iOS 15.7.8 and iPadOS 15.7.8, macOS Ventura 13.2, watchOS 9.3. Processing a font file may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.7.1.

https://nvd.nist.gov/vuln/detail/CVE-2023-41990

 

 

4. CVE-2024-9935

The PDF Generator Addon for Elementor Page Builder plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.7.5 via the rtw_pgaepb_dwnld_pdf() function. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive information.

https://nvd.nist.gov/vuln/detail/CVE-2024-9935

 

 

5. CVE-2024-5630

The Insert or Embed Articulate Content into WordPress plugin before 4.3000000024 does not prevent authors from uploading arbitrary files to the site, which may allow them to upload PHP shells on affected sites.

https://nvd.nist.gov/vuln/detail/CVE-2024-5630

 

 

6. CVE-2023-38408

The PKCS#11 feature in ssh-agent in OpenSSH before 9.3p2 has an insufficiently trustworthy search path, leading to remote code execution if an agent is forwarded to an attacker-controlled system. (Code in /usr/lib is not necessarily safe for loading into ssh-agent.) NOTE: this issue exists because of an incomplete fix for CVE-2016-10009.

https://nvd.nist.gov/vuln/detail/CVE-2023-38408

 

 

7. CVE-2024-35250

Windows Kernel-Mode Driver Elevation of Privilege Vulnerability

https://nvd.nist.gov/vuln/detail/CVE-2024-35250

 

 

8. CVE-2024-42327

A non-admin user account on the Zabbix frontend with the default User role, or with any other role that gives API access can exploit this vulnerability. An SQLi exists in the CUser class in the addRelatedObjects function, this function is being called from the CUser.get function which is available for every user who has API access.

https://nvd.nist.gov/vuln/detail/CVE-2024-42327

 

 

9. CVE-2020-13699

TeamViewer Desktop for Windows before 15.8.3 does not properly quote its custom URI handlers. A malicious website could launch TeamViewer with arbitrary parameters, as demonstrated by a teamviewer10: –play URL. An attacker could force a victim to send an NTLM authentication request and either relay the request or capture the hash for offline password cracking. This affects teamviewer10, teamviewer8, teamviewerapi, tvchat1, tvcontrol1, tvfiletransfer1, tvjoinv8, tvpresent1, tvsendfile1, tvsqcustomer1, tvsqsupport1, tvvideocall1, and tvvpn1. The issue is fixed in 8.0.258861, 9.0.258860, 10.0.258873, 11.0.258870, 12.0.258869, 13.2.36220, 14.2.56676, 14.7.48350, and 15.8.3.

https://nvd.nist.gov/vuln/detail/CVE-2020-13699

 

 

10. CVE-2022-22965

A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot executable jar, i.e. the default, it is not vulnerable to the exploit. However, the nature of the vulnerability is more general, and there may be other ways to exploit it.

https://nvd.nist.gov/vuln/detail/CVE-2022-22965

 

"SOS
CVE Top 10

The SOS Intelligence CVE Chatter Weekly Top Ten – 06 January 2025

by Amir Hadzipasic
January 6, 2025

 

This weekly blog post is from via our unique intelligence collection pipelines. We are your eyes and ears online, including the Dark Web.

There are thousands of vulnerability discussions each week. SOS Intelligence gathers a list of the most discussed Common Vulnerabilities and Exposures (CVE) online for the previous week.

We make every effort to ensure the accuracy of the data presented. As this is an automated process some errors may creep in.

If you are feeling generous please do make us aware of anything you spot, feel free to follow us on Twitter @sosintel and DM us. Thank you!

 

 

1.  CVE-2024-10687

The Photos, Files, YouTube, Twitter, Instagram, TikTok, Ecommerce Contest Gallery – Upload, Vote, Sell via PayPal, Social Share Buttons plugin for WordPress is vulnerable to time-based SQL Injection via the $collectedIds parameter in all versions up to, and including, 24.0.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.

https://nvd.nist.gov/vuln/detail/CVE-2024-10687

 

 

2. CVE-2024-21060

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Data Dictionary). Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

https://nvd.nist.gov/vuln/detail/CVE-2024-21060

 

 

3. CVE-2019-0708

A remote code execution vulnerability exists in Remote Desktop Services formerly known as Terminal Services when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests, aka ‘Remote Desktop Services Remote Code Execution Vulnerability’.

https://nvd.nist.gov/vuln/detail/CVE-2019-0708

 

 

4. CVE-2024-35250

Windows Kernel-Mode Driver Elevation of Privilege Vulnerability

https://nvd.nist.gov/vuln/detail/CVE-2024-35250

 

 

5. CVE-2024-30084

Windows Kernel-Mode Driver Elevation of Privilege Vulnerability

https://nvd.nist.gov/vuln/detail/CVE-2024-30084

 

 

6. CVE-2024-26229

Windows CSC Service Elevation of Privilege Vulnerability

https://nvd.nist.gov/vuln/detail/CVE-2024-26229

 

 

7. CVE-2024-21341

Windows Kernel Remote Code Execution Vulnerability

https://nvd.nist.gov/vuln/detail/CVE-2024-21341

 

 

8. CVE-2024-21412

Internet Shortcut Files Security Feature Bypass Vulnerability

https://nvd.nist.gov/vuln/detail/CVE-2024-21412

 

 

9. CVE-2024-1071

The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to SQL Injection via the ‘sorting’ parameter in versions 2.1.3 to 2.8.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.

https://nvd.nist.gov/vuln/detail/CVE-2024-1071

 

 

10. CVE-2019-8943

WordPress through 5.0.3 allows Path Traversal in wp_crop_image(). An attacker (who has privileges to crop an image) can write the output image to an arbitrary directory via a filename containing two image extensions and ../ sequences, such as a filename ending with the .jpg?/../../file.jpg substring.

https://nvd.nist.gov/vuln/detail/CVE-2019-8943

 

1 2 3 24 25
Recent Posts
Recent Comments
    Privacy Settings
    We use cookies to enhance your experience while using our website. If you are using our Services via a browser you can restrict, block or remove cookies through your web browser settings. We also use content and scripts from third parties that may use tracking technologies. You can selectively provide your consent below to allow such third party embeds. For complete information about the cookies we use, data we collect and how we process them, please check our Privacy Policy
    Youtube
    Consent to display content from - Youtube
    Vimeo
    Consent to display content from - Vimeo
    Google Maps
    Consent to display content from - Google
    Spotify
    Consent to display content from - Spotify
    Sound Cloud
    Consent to display content from - Sound
    Save