This weekly blog post is produced via our unique intelligence collection pipelines. We are your eyes and ears online, including the Dark Web.
There are thousands of vulnerability discussions each week. SOS Intelligence gathers a list of the most discussed Common Vulnerabilities and Exposures (CVE) online for the previous week.
We make every effort to ensure the accuracy of the data presented. As this is an automated process, some errors may creep in.
If you are feeling generous, please do make us aware of anything you spot. Feel free to follow us on Twitter @sosintel and DM us. Thank you!
1. CVE-2023-4966
Sensitive information disclosure in NetScaler ADC and NetScaler Gateway when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA virtual server.
https://nvd.nist.gov/vuln/detail/CVE-2023-4966
2. CVE-2020-20491
SQL injection vulnerability in OpenCart v.2.2.00 thru 3.0.3.2 allows a remote attacker to execute arbitrary code via the Fba plugin function in upload/admin/index.php.
https://nvd.nist.gov/vuln/detail/CVE-2020-20491
3. CVE-2021-29200
Pre-auth RCE in Apache OFBiz 18.12.09.
It is caused by XML-RPC, which is no longer maintained but is still present.
This issue affects Apache OFBiz: before 18.12.10.
Users are recommended to upgrade to version 18.12.10.
https://nvd.nist.gov/vuln/detail/CVE-2021-29200
4. CVE-2018-11494
SQL injection vulnerability in OpenCart v.2.2.00 thru 3.0.3.2 allows a remote attacker to execute arbitrary code via the Fba plugin function in upload/admin/index.php.
https://nvd.nist.gov/vuln/detail/CVE-2018-11494
5. CVE-2016-10509
SQL injection vulnerability in OpenCart v.2.2.00 thru 3.0.3.2 allows a remote attacker to execute arbitrary code via the Fba plugin function in upload/admin/index.php.
https://nvd.nist.gov/vuln/detail/CVE-2016-10509
6. CVE-2018-13067
SQL injection vulnerability in OpenCart v.2.2.00 thru 3.0.3.2 allows a remote attacker to execute arbitrary code via the Fba plugin function in upload/admin/index.php.
https://nvd.nist.gov/vuln/detail/CVE-2018-13067
7. CVE-2023-47444
SQL injection vulnerability in OpenCart v.2.2.00 thru 3.0.3.2 allows a remote attacker to execute arbitrary code via the Fba plugin function in upload/admin/index.php.
https://nvd.nist.gov/vuln/detail/CVE-2023-47444
8. CVE-2023-49070
Pre-auth RCE in Apache OFBiz 18.12.09.
It is caused by XML-RPC, which is no longer maintained but is still present.
This issue affects Apache OFBiz: before 18.12.10.
Users are recommended to upgrade to version 18.12.10.
https://nvd.nist.gov/vuln/detail/CVE-2023-49070
9. CVE-2023-51467
The vulnerability permits attackers to circumvent authentication processes, enabling them to remotely execute arbitrary code.
https://nvd.nist.gov/vuln/detail/CVE-2023-51467
10. CVE-2023-50968
Pre-auth RCE in Apache OFBiz 18.12.09.
It is caused by XML-RPC, which is no longer maintained but is still present.
This issue affects Apache OFBiz: before 18.12.10.
Users are recommended to upgrade to version 18.12.10.
https://nvd.nist.gov/vuln/detail/CVE-2023-50968