The SOS Intelligence CVE Chatter Weekly Top Ten – 02 October 2023

by Amir Hadzipasic

October 2, 2023

This weekly blog post is from via our unique intelligence collection pipelines. We are your eyes and ears online, including the Dark Web.

There are thousands of vulnerability discussions each week. SOS Intelligence gathers a list of the most discussed Common Vulnerabilities and Exposures (CVE) online for the previous week.

We make every effort to ensure the accuracy of the data presented. As this is an automated process some errors may creep in.

If you are feeling generous please do make us aware of anything you spot, feel free to follow us on Twitter @sosintel and DM us. Thank you!

1. CVE-2023-29360

Microsoft Streaming Service Elevation of Privilege Vulnerability

https://nvd.nist.gov/vuln/detail/CVE-2023-29360

2. CVE-2023-29887

A Local File inclusion vulnerability in test.php in spreadsheet-reader 0.5.11 allows remote attackers to include arbitrary files via the File parameter.

https://nvd.nist.gov/vuln/detail/CVE-2023-29887

3. CVE-2023-4863

Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical)

https://nvd.nist.gov/vuln/detail/CVE-2023-4863

4. CVE-2023-5129

https://nvd.nist.gov/vuln/detail/CVE-2023-5129

5. CVE-2023-29357

Microsoft SharePoint Server Remote Code Execution Vulnerability

https://nvd.nist.gov/vuln/detail/CVE-2023-29357

6. CVE-2023-36802

Microsoft Streaming Service Elevation of Privilege Vulnerability

https://nvd.nist.gov/vuln/detail/CVE-2023-36802

7. CVE-2023-41064

https://nvd.nist.gov/vuln/detail/CVE-2023-41064

8. CVE-2017-9841

Util/PHP/eval-stdin.php in PHPUnit before 4.8.28 and 5.x before 5.6.3 allows remote attackers to execute arbitrary PHP code via HTTP POST data beginning with a “

https://nvd.nist.gov/vuln/detail/CVE-2017-9841

9. CVE-2020-25659

A timing side-channel in the handling of RSA ClientKeyExchange messages was discovered in GnuTLS. This side-channel can be sufficient to recover the key encrypted in the RSA ciphertext across a network in a Bleichenbacher style attack. To achieve a successful decryption the attacker would need to send a large amount of specially crafted messages to the vulnerable server. By recovering the secret from the ClientKeyExchange message, the attacker would be able to decrypt the application data exchanged over that connection.

https://nvd.nist.gov/vuln/detail/CVE-2020-25659

10. CVE-2021-44228

Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects.

https://nvd.nist.gov/vuln/detail/CVE-2021-44228

Flash Alert

Flash Alert – Exploitation of vulnerabilities in SharePoint – update now

by Daniel Collyer

September 27, 2023

In recent months, several vulnerabilities in SharePoint have been identified and documented, including CVE-2023-29357 and CVE-2023-24955. Security researchers at STAR Labs in Singapore have demonstrated the use of these vulnerabilities to achieve pre-auth remote code execution on a SharePoint server. You can review their research here.

Exploiting these vulnerabilities allows a potential threat actor to bypass authentication by impersonating a legitimate user. They can then inject code into root directories which is then executed by SharePoint.

CVE-2023-29357

CVE-2023-29357 was published in June 2023. It details a vulnerability in Microsoft SharePoint which allows for a threat actor to elevate their privilege on a vulnerable server to administrator level.

The vulnerability affects Microsoft SharePoint Server 2019.

A threat actor, with access to spoofed JWT authentication tokens, is able to undertake a network attack which can bypass authentication. This allows them to gain access to a server, with the privileges of a legitimate, authenticated user.

Microsoft has issued several security updates to combat the vulnerability and these should be installed and implemented as soon as possible. Those who have enabled AMSI integration and use Microsoft Defender are protected.

Python scripts have been identified within online repositories which seek to exploit this vulnerability, and further suggest combining it with CVE-2023-24955 to achieve Remote Code Execution. An example can be found here.

CVE-2023-24955

CVE-2023-24955 was published in May 2023. It concerns a vulnerability in Microsoft SharePoint which allows for the remote execution of code on a SharePoint server by an authenticated threat actor.

Microsoft has issued several security updates to combat the vulnerability and these should be installed and implemented as soon as possible.

CVE Top 10

The SOS Intelligence CVE Chatter Weekly Top Ten – 25 September 2023

by Amir Hadzipasic

September 25, 2023

This weekly blog post is from via our unique intelligence collection pipelines. We are your eyes and ears online, including the Dark Web.

There are thousands of vulnerability discussions each week. SOS Intelligence gathers a list of the most discussed Common Vulnerabilities and Exposures (CVE) online for the previous week.

We make every effort to ensure the accuracy of the data presented. As this is an automated process some errors may creep in.

If you are feeling generous please do make us aware of anything you spot, feel free to follow us on Twitter @sosintel and DM us. Thank you!

1. CVE-2023-36802

Microsoft Streaming Service Proxy Elevation of Privilege Vulnerability

https://nvd.nist.gov/vuln/detail/CVE-2023-36802

2. CVE-2023-38831

RARLabs WinRAR before 6.23 allows attackers to execute arbitrary code when a user attempts to view a benign file within a ZIP archive. The issue occurs because a ZIP archive may include a benign file (such as an ordinary .JPG file) and also a folder that has the same name as the benign file, and the contents of the folder (which may include executable content) are processed during an attempt to access only the benign file. This was exploited in the wild in April through August 2023.

https://nvd.nist.gov/vuln/detail/CVE-2023-38831

3. CVE-2023-29360

Microsoft Streaming Service Elevation of Privilege Vulnerability

https://nvd.nist.gov/vuln/detail/CVE-2023-29360

4. CVE-2023-4863

Heap buffer overflow in WebP in Google Chrome prior to 116.0.5845.187 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical)

https://nvd.nist.gov/vuln/detail/CVE-2023-4863

5. CVE-2022-47522

The IEEE 802.11 specifications through 802.11ax allow physically proximate attackers to intercept (possibly cleartext) target-destined frames by spoofing a target’s MAC address, sending Power Save frames to the access point, and then sending other frames to the access point (such as authentication frames or re-association frames) to remove the target’s original security context. This behavior occurs because the specifications do not require an access point to purge its transmit queue before removing a client’s pairwise encryption key.

https://nvd.nist.gov/vuln/detail/CVE-2022-47522

6. CVE-2023-36845

A PHP External Variable Modification vulnerability in J-Web of Juniper Networks Junos OS on EX Series

and SRX Series

allows an unauthenticated, network-based attacker to control certain, important environments variables.

Utilizing a crafted request an attacker is able to modify a certain PHP environment variable leading to partial loss of integrity, which may allow chaining to other vulnerabilities.

This issue affects Juniper Networks Junos OS on SRX Series:

* All versions prior to 21.4R3-S5;
* 22.1 versions

prior to

22.1R3-S4;
* 22.2 versions

prior to

22.2R3-S2;
* 22.3 versions

prior to

22.3R2-S2, 22.3R3-S1;
* 22.4 versions

prior to

22.4R2-S1, 22.4R3;
* 23.2 versions prior to 23.2R1-S1, 23.2R2.

https://nvd.nist.gov/vuln/detail/CVE-2023-36845

7. CVE-2021-3493

The overlayfs implementation in the linux kernel did not properly validate with respect to user namespaces the setting of file capabilities on files in an underlying file system. Due to the combination of unprivileged user namespaces along with a patch carried in the Ubuntu kernel to allow unprivileged overlay mounts, an attacker could use this to gain elevated privileges.

https://nvd.nist.gov/vuln/detail/CVE-2021-3493

8. CVE-2023-36846

A Missing Authentication for Critical Function vulnerability in Juniper Networks Junos OS on EX Series allows an unauthenticated, network-based attacker to cause limited impact to the file system integrity.

With a specific request that doesn’t require authentication an attacker is able to upload arbitrary files via J-Web, leading to a loss of

integrity

for a certain

part of the file system, which may allow chaining to other vulnerabilities.

This issue affects Juniper Networks Junos OS on EX Series:

* All versions prior to 20.4R3-S8;
* 21.2 versions prior to 21.2R3-S6;
* 21.3 versions

prior to

21.3R3-S5;
* 21.4 versions

prior to

21.4R3-S4;
* 22.1 versions

prior to

22.1R3-S3;
* 22.2 versions

prior to

22.2R3-S1;
* 22.3 versions

prior to

22.3R2-S2, 22.3R3;
* 22.4 versions

prior to

22.4R2-S1, 22.4R3.

https://nvd.nist.gov/vuln/detail/CVE-2023-36846

9. CVE-2023-32315

Openfire is an XMPP server licensed under the Open Source Apache License. Openfire’s administrative console, a web-based application, was found to be vulnerable to a path traversal attack via the setup environment. This permitted an unauthenticated user to use the unauthenticated Openfire Setup Environment in an already configured Openfire environment to access restricted pages in the Openfire Admin Console reserved for administrative users. This vulnerability affects all versions of Openfire that have been released since April 2015, starting with version 3.10.0. The problem has been patched in Openfire release 4.7.5 and 4.6.8, and further improvements will be included in the yet-to-be released first version on the 4.8 branch (which is expected to be version 4.8.0). Users are advised to upgrade. If an Openfire upgrade isn’t available for a specific release, or isn’t quickly actionable, users may see the linked github advisory (GHSA-gw42-f939-fhvm) for mitigation advice.

https://nvd.nist.gov/vuln/detail/CVE-2023-32315

10. CVE-2023-36847

With a specific request that doesn’t require authentication an attacker is able to upload arbitrary files via J-Web, leading to a loss of

integrity

for a certain

part of the file system, which may allow chaining to other vulnerabilities.

This issue affects Juniper Networks Junos OS on EX Series:

* All versions prior to 20.4R3-S8;
* 21.2 versions prior to 21.2R3-S6;
* 21.3 versions

prior to

21.3R3-S5;
* 21.4 versions

prior to

21.4R3-S4;
* 22.1 versions

prior to

22.1R3-S3;
* 22.2 versions

prior to

22.2R3-S1;
* 22.3 versions

prior to

22.3R2-S2, 22.3R3;
* 22.4 versions

prior to

22.4R2-S1, 22.4R3.

https://nvd.nist.gov/vuln/detail/CVE-2023-36847

CVE Top 10

The SOS Intelligence CVE Chatter Weekly Top Ten – 18 September 2023

by Amir Hadzipasic

September 18, 2023

This weekly blog post is from via our unique intelligence collection pipelines. We are your eyes and ears online, including the Dark Web.

There are thousands of vulnerability discussions each week. SOS Intelligence gathers a list of the most discussed Common Vulnerabilities and Exposures (CVE) online for the previous week.

We make every effort to ensure the accuracy of the data presented. As this is an automated process some errors may creep in.

If you are feeling generous please do make us aware of anything you spot, feel free to follow us on Twitter @sosintel and DM us. Thank you!

1. CVE-2023-38831

https://nvd.nist.gov/vuln/detail/CVE-2023-38831

2. CVE-2023-34124

The authentication mechanism in SonicWall GMS and Analytics Web Services had insufficient checks, allowing authentication bypass. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions.

https://nvd.nist.gov/vuln/detail/CVE-2023-34124

3. CVE-2023-27997

A heap-based buffer overflow vulnerability [CWE-122] in FortiOS version 7.2.4 and below, version 7.0.11 and below, version 6.4.12 and below, version 6.0.16 and below and FortiProxy version 7.2.3 and below, version 7.0.9 and below, version 2.0.12 and below, version 1.2 all versions, version 1.1 all versions SSL-VPN may allow a remote attacker to execute arbitrary code or commands via specifically crafted requests.

https://nvd.nist.gov/vuln/detail/CVE-2023-27997

4. CVE-2023-4863

https://nvd.nist.gov/vuln/detail/CVE-2023-4863

5. CVE-2023-33308

https://nvd.nist.gov/vuln/detail/CVE-2023-33308

6. CVE-2022-29455

DOM-based Reflected Cross-Site Scripting (XSS) vulnerability in Elementor’s Elementor Website Builder plugin <= 3.5.5 versions.

https://nvd.nist.gov/vuln/detail/CVE-2022-29455

7. CVE-2023-3519

Unauthenticated remote code execution

https://nvd.nist.gov/vuln/detail/CVE-2023-3519

8. CVE-2022-32548

An issue was discovered on certain DrayTek Vigor routers before July 2022 such as the Vigor3910 before 4.3.1.1. /cgi-bin/wlogin.cgi has a buffer overflow via the username or password to the aa or ab field.

https://nvd.nist.gov/vuln/detail/CVE-2022-32548

9. CVE-2023-41064

A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.6.9, macOS Big Sur 11.7.10, macOS Ventura 13.5.2, iOS 16.6.1 and iPadOS 16.6.1, iOS 15.7.9 and iPadOS 15.7.9. Processing a maliciously crafted image may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.

https://nvd.nist.gov/vuln/detail/CVE-2023-41064

10. CVE-2018-13379

Microsoft Exchange Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-31196, CVE-2021-31206.

https://nvd.nist.gov/vuln/detail/CVE-2018-13379

Investigation, Opinion, The Dark Web, Tips

The Dark Web in 2023 – SOS Intelligence Special Report

by Daniel Collyer

September 13, 2023

CVE Top 10

The SOS Intelligence CVE Chatter Weekly Top Ten – 11 September 2023

by Amir Hadzipasic

September 11, 2023

This weekly blog post is from via our unique intelligence collection pipelines. We are your eyes and ears online, including the Dark Web.

There are thousands of vulnerability discussions each week. SOS Intelligence gathers a list of the most discussed Common Vulnerabilities and Exposures (CVE) online for the previous week.

We make every effort to ensure the accuracy of the data presented. As this is an automated process some errors may creep in.

If you are feeling generous please do make us aware of anything you spot, feel free to follow us on Twitter @sosintel and DM us. Thank you!

1. CVE-2023-38831

https://nvd.nist.gov/vuln/detail/CVE-2023-38831

2. CVE-2016-10555

Since “algorithm” isn’t enforced in jwt.decode()in jwt-simple 0.3.0 and earlier, a malicious user could choose what algorithm is sent sent to the server. If the server is expecting RSA but is sent HMAC-SHA with RSA’s public key, the server will think the public key is actually an HMAC private key. This could be used to forge any data an attacker wants.

https://nvd.nist.gov/vuln/detail/CVE-2016-10555

3. CVE-2023-34039

Aria Operations for Networks contains an Authentication Bypass vulnerability due to a lack of unique cryptographic key generation. A malicious actor with network access to Aria Operations for Networks could bypass SSH authentication to gain access to the Aria Operations for Networks CLI.

https://nvd.nist.gov/vuln/detail/CVE-2023-34039

4. CVE-2023-24488

Adobe ColdFusion versions 2018u16 (and earlier), 2021u6 (and earlier) and 2023.0.0.330468 (and earlier) are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to access the administration CFM and CFC endpoints. Exploitation of this issue does not require user interaction.

https://nvd.nist.gov/vuln/detail/CVE-2023-24488

5. CVE-2023-29298

https://nvd.nist.gov/vuln/detail/CVE-2023-29298

6. CVE-2023-40477

N/A

https://nvd.nist.gov/vuln/detail/CVE-2023-40477

7. CVE-2023-23752

https://nvd.nist.gov/vuln/detail/CVE-2023-23752

8. CVE-2023-29300

https://nvd.nist.gov/vuln/detail/CVE-2023-29300

9. CVE-2023-28121

https://nvd.nist.gov/vuln/detail/CVE-2023-28121

10. CVE-2023-20593

An issue in “Zen 2” CPUs, under specific microarchitectural circumstances, may allow an attacker to potentially access sensitive information.

https://nvd.nist.gov/vuln/detail/CVE-2023-20593

CVE Top 10

The SOS Intelligence CVE Chatter Weekly Top Ten – 04 September 2023

by Amir Hadzipasic

September 4, 2023

This weekly blog post is from via our unique intelligence collection pipelines. We are your eyes and ears online, including the Dark Web.

There are thousands of vulnerability discussions each week. SOS Intelligence gathers a list of the most discussed Common Vulnerabilities and Exposures (CVE) online for the previous week.

We make every effort to ensure the accuracy of the data presented. As this is an automated process some errors may creep in.

If you are feeling generous please do make us aware of anything you spot, feel free to follow us on Twitter @sosintel and DM us. Thank you!

1. CVE-2023-38831

https://nvd.nist.gov/vuln/detail/CVE-2023-38831

2. CVE-2012-3716

CoreText in Apple Mac OS X 10.7.x before 10.7.5 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds write or read) via a crafted text glyph.

https://nvd.nist.gov/vuln/detail/CVE-2012-3716

3. CVE-2023-32315

https://nvd.nist.gov/vuln/detail/CVE-2023-32315

4. CVE-2022-1386

The Fusion Builder WordPress plugin before 3.6.2, used in the Avada theme, does not validate a parameter in its forms which could be used to initiate arbitrary HTTP requests. The data returned is then reflected back in the application’s response. This could be used to interact with hosts on the server’s local network bypassing firewalls and access control measures.

https://nvd.nist.gov/vuln/detail/CVE-2022-1386

5. CVE-2023-40477

N/A

https://nvd.nist.gov/vuln/detail/CVE-2023-40477

6. CVE-2023-34124

https://nvd.nist.gov/vuln/detail/CVE-2023-34124

7. CVE-2020-9375

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link Archer A7 Firmware Ver: 190726 AC1750 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the tdpServer service, which listens on UDP port 20002 by default. When parsing the slave_mac parameter, the process does not properly validate a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of the root user. Was ZDI-CAN-9650.

https://nvd.nist.gov/vuln/detail/CVE-2020-9375

8. CVE-2020-10884

https://nvd.nist.gov/vuln/detail/CVE-2020-10884

9. CVE-2017-13772

https://nvd.nist.gov/vuln/detail/CVE-2017-13772

10. CVE-2023-29360

Microsoft Streaming Service Elevation of Privilege Vulnerability

https://nvd.nist.gov/vuln/detail/CVE-2023-29360

CVE Top 10

The SOS Intelligence CVE Chatter Weekly Top Ten – 28 August 2023

by Amir Hadzipasic

August 28, 2023

This weekly blog post is from via our unique intelligence collection pipelines. We are your eyes and ears online, including the Dark Web.

There are thousands of vulnerability discussions each week. SOS Intelligence gathers a list of the most discussed Common Vulnerabilities and Exposures (CVE) online for the previous week.

We make every effort to ensure the accuracy of the data presented. As this is an automated process some errors may creep in.

If you are feeling generous please do make us aware of anything you spot, feel free to follow us on Twitter @sosintel and DM us. Thank you!

1. CVE-2023-40477

N/A

https://nvd.nist.gov/vuln/detail/CVE-2023-40477

2. CVE-2023-36874

Windows Error Reporting Service Elevation of Privilege Vulnerability

https://nvd.nist.gov/vuln/detail/CVE-2023-36874

3. CVE-2022-32548

https://nvd.nist.gov/vuln/detail/CVE-2022-32548

4. CVE-2023-32315

https://nvd.nist.gov/vuln/detail/CVE-2023-32315

5. CVE-2022-1386

https://nvd.nist.gov/vuln/detail/CVE-2022-1386

6. CVE-2019-0708

In WinRAR versions prior to and including 5.61, There is path traversal vulnerability when crafting the filename field of the ACE format (in UNACEV2.dll). When the filename field is manipulated with specific patterns, the destination (extraction) folder is ignored, thus treating the filename as an absolute path.

https://nvd.nist.gov/vuln/detail/CVE-2019-0708

7. CVE-2023-34124

https://nvd.nist.gov/vuln/detail/CVE-2023-34124

8. CVE-2020-10883

This vulnerability allows local attackers to escalate privileges on affected installations of TP-Link Archer A7 Firmware Ver: 190726 AC1750 routers. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the file system. The issue lies in the lack of proper permissions set on the file system. An attacker can leverage this vulnerability to escalate privileges. Was ZDI-CAN-9651.

https://nvd.nist.gov/vuln/detail/CVE-2020-10883

9. CVE-2021-34480

Scripting Engine Memory Corruption Vulnerability

https://nvd.nist.gov/vuln/detail/CVE-2021-34480

10. CVE-2021-44228

https://nvd.nist.gov/vuln/detail/CVE-2021-44228

CVE Top 10

The SOS Intelligence CVE Chatter Weekly Top Ten – 21 August 2023

by Amir Hadzipasic

August 21, 2023

This weekly blog post is from via our unique intelligence collection pipelines. We are your eyes and ears online, including the Dark Web.

There are thousands of vulnerability discussions each week. SOS Intelligence gathers a list of the most discussed Common Vulnerabilities and Exposures (CVE) online for the previous week.

We make every effort to ensure the accuracy of the data presented. As this is an automated process some errors may creep in.

If you are feeling generous please do make us aware of anything you spot, feel free to follow us on Twitter @sosintel and DM us. Thank you!

1. CVE-2022-32548

https://nvd.nist.gov/vuln/detail/CVE-2022-32548

2. CVE-2019-0708

A remote code execution vulnerability exists in Remote Desktop Services formerly known as Terminal Services when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests, aka ‘Remote Desktop Services Remote Code Execution Vulnerability’.

https://nvd.nist.gov/vuln/detail/CVE-2019-0708

3. CVE-2022-1388

On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all 12.1.x and 11.6.x versions, undisclosed requests may bypass iControl REST authentication. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated

https://nvd.nist.gov/vuln/detail/CVE-2022-1388

4. CVE-2022-40982

Information exposure through microarchitectural state after transient execution in certain vector execution units for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.

https://nvd.nist.gov/vuln/detail/CVE-2022-40982

5. CVE-2023-39417

IN THE EXTENSION SCRIPT, a SQL Injection vulnerability was found in PostgreSQL if it uses @extowner@, @extschema@, or @extschema:…@ inside a quoting construct (dollar quoting, ”, or “”). If an administrator has installed files of a vulnerable, trusted, non-bundled extension, an attacker with database-level CREATE privilege can execute arbitrary code as the bootstrap superuser.

https://nvd.nist.gov/vuln/detail/CVE-2023-39417

6. CVE-2023-20569

An issue in “Zen 2” CPUs, under specific microarchitectural circumstances, may allow an attacker to potentially access sensitive information.

https://nvd.nist.gov/vuln/detail/CVE-2023-20569

7. CVE-2021-34473

An Improper Limitation of a Pathname to a Restricted Directory (“Path Traversal”) in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.3 to 5.6.7 and 5.4.6 to 5.4.12 and FortiProxy 2.0.0, 1.2.0 to 1.2.8, 1.1.0 to 1.1.6, 1.0.0 to 1.0.7 under SSL VPN web portal allows an unauthenticated attacker to download system files via special crafted HTTP resource requests.

https://nvd.nist.gov/vuln/detail/CVE-2021-34473

8. CVE-2018-13379

https://nvd.nist.gov/vuln/detail/CVE-2018-13379

9. CVE-2005-4890

There is a possible tty hijacking in shadow 4.x before 4.1.5 and sudo 1.x before 1.7.4 via “su – user -c program”. The user session can be escaped to the parent session by using the TIOCSTI ioctl to push characters into the input buffer to be read by the next process.

https://nvd.nist.gov/vuln/detail/CVE-2005-4890

10. CVE-2021-43008

Improper Access Control in Adminer versions 1.12.0 to 4.6.2 (fixed in version 4.6.3) allows an attacker to achieve Arbitrary File Read on the remote server by requesting the Adminer to connect to a remote MySQL database.

https://nvd.nist.gov/vuln/detail/CVE-2021-43008

Opinion, Tips

Helping law firms to protect their data

by Daniel Collyer

August 17, 2023

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

The SOS Intelligence CVE Chatter Weekly Top Ten – 02 October 2023

Flash Alert – Exploitation of vulnerabilities in SharePoint – update now

The SOS Intelligence CVE Chatter Weekly Top Ten – 25 September 2023

The SOS Intelligence CVE Chatter Weekly Top Ten – 18 September 2023

The Dark Web in 2023 – SOS Intelligence Special Report

The SOS Intelligence CVE Chatter Weekly Top Ten – 11 September 2023

The SOS Intelligence CVE Chatter Weekly Top Ten – 04 September 2023

The SOS Intelligence CVE Chatter Weekly Top Ten – 28 August 2023

The SOS Intelligence CVE Chatter Weekly Top Ten – 21 August 2023

Helping law firms to protect their data

Recent Posts

Recent Comments