Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
|
Description: Summary
The application allows users to upload files with scripts in the filename parameter. As a result, a malicious user can upload a script file to the system. When users in the application use the "Diff or Compare" functionality, they are affected by a Stored Cross-Site Scripting vulnerability.
Details
I found a Stored Cross-Site Scripting vulnerability in the "Diff or Compare" functionality. This issue occurs because the upload functionality allows users to upload files with special characters such as <, >, /, and " in the filename. This vulnerability can be mitigated by restricting file uploads to filenames containing only whitelisted characters, such as A-Z, 0-9, and specific special characters permitted by business requirements, like - or _ .
PoC
Complete instructions, including specific configuration details, to reproduce the vulnerability.
On MobSF version 4.2.8, I clicked on "Unload & Analyze" button.
I uploaded zip file as a name test.zip.
I used an intercepting proxy tool while uploading a file and changed the value of the filename parameter from test.zip to test.zip. This means I uploaded a file and set its name to a script value. As a result, the server allowed the file to be uploaded successfully.
I accessed /recent_scans/ and found a file named test.zip in the recent scans. Then, I clicked on the "Differ or Compare" button."
I found that the application requires selecting a file to compare, and I selected the file test.zip
I found tha...
December 3rd, 2024 (5 months ago)
|
|
|
Description: A proof-of-concept (PoC) exploit for a critical-severity remote code execution flaw in Progress WhatsUp Gold has been published, making it critical to install the latest security updates as soon as possible. [...]
December 3rd, 2024 (5 months ago)
|
|
|
Description: Too much access and privilege, plus a host of unsafe cyber practices, plague most workplaces, and the introduction of tools like GenAI will only make things worse.
December 3rd, 2024 (5 months ago)
|
|
|
Description: Veeam released security updates today to address two Service Provider Console (VSPC) vulnerabilities, including a critical remote code execution (RCE) discovered during internal testing. [...]
December 3rd, 2024 (5 months ago)
|
|
|
Description: Germany has taken down the largest online cybercrime marketplace in the country, named "Crimenetwork," and arrested its administrator for facilitating the sale of drugs, stolen data, and illegal services. [...]
December 3rd, 2024 (5 months ago)
|
|
|
Description: Discover key insights from 550+ cybersecurity experts on threat intelligence trends, spending, and strategies in our 2024 infographic. Learn more.
December 3rd, 2024 (5 months ago)
|
|
|
Description: A novel backdoor malware and a loader that customizes payload names for each victim have been added to the threat group's cybercriminal tool set.
December 3rd, 2024 (5 months ago)
|
|
|
Description: Today, the FTC banned data brokers Mobilewalla and Gravy Analytics from harvesting and selling Americans' location tracking data linked to sensitive locations, like churches, healthcare facilities, military installations, and schools. [...]
December 3rd, 2024 (5 months ago)
|
|
|
Description: View CSAF
1. EXECUTIVE SUMMARY
CVSS v4 9.3
ATTENTION: Exploitable remotely/low attack complexity
Vendor: Ruijie
Equipment: Reyee OS
Vulnerabilities: Weak Password Recovery Mechanism for Forgotten Password, Exposure of Private Personal Information to an Unauthorized Actor, Premature Release of Resource During Expected Lifetime, Insecure Storage of Sensitive Information, Use of Weak Credentials, Improper Neutralization of Wildcards or Matching Symbols, Improper Handling of Insufficient Permissions or Privileges, Server-Side Request Forgery (SSRF), Use of Inherently Dangerous Function, Resource Leak
2. RISK EVALUATION
Successful exploitation of this vulnerabilities could allow attackers to take near full control over the device.
3. TECHNICAL DETAILS
3.1 AFFECTED PRODUCTS
The following Ruijie product is affected:
Reyee OS: Versions 2.206.x up to but not including 2.320.x
3.2 Vulnerability Overview
3.2.1 Weak Password Recovery Mechanism for Forgotten Password CWE-640
Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x contains a weak mechanism for its users to change their passwords which leaves authentication vulnerable to brute force attacks.
CVE-2024-47547 has been assigned to this vulnerability. A CVSS v3.1 base score of 9.4 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L).
A CVSS v4 score has also been calculated for CVE-2024-47547. A base score of 9.3 has been calculated; the CVSS vector string is (CVSS4.0/AV:N/AC:L/AT:...
December 3rd, 2024 (5 months ago)
|
|
|
Description: Today, CISA—in partnership with the National Security Agency (NSA), the Federal Bureau of Investigation (FBI), and international partners—released joint guidance, Enhanced Visibility and Hardening Guidance for Communications Infrastructure. Partners of this guidance include:
Australian Signals Directorate’s (ASD’s) Australian Cyber Security Centre (ACSC)
Canadian Centre for Cyber Security (CCCS)
New Zealand’s National Cyber Security Centre (NCSC-NZ)
This guidance was crafted in response to a People’s Republic of China (PRC)-affiliated threat actor’s compromise of "networks of major global telecommunications providers to conduct a broad and significant cyber espionage campaign." The compromise of private communications impacted a limited number of individuals who are primarily involved in government or political activity.
CISA and partners encourage network defenders and engineers of communications infrastructure, and other critical infrastructure organizations with on-premises enterprise equipment, to review and apply the provided best practices, including patching vulnerable devices and services, to reduce opportunities for intrusion. For more information on PRC state-sponsored threat actor activity, see CISA’s People's Republic of China Cyber Threat. For more information on secure by design principles, see CISA’s Secure by Design webpage. Customers should refer to CISA’s Secure by Demand guidance for additional product security considerations.
December 3rd, 2024 (5 months ago)
|