Month: October 2023

QNAP QTS, QuTS hero, and QuTScloud directory traversal | CVE-2023-32974

October 18, 2023

NAME__________QNAP QTS, QuTS hero, and QuTScloud directory traversalPlatforms Affected:QNAP QuTS hero h5.1.0 QNAP QTS 5.1.0 QNAP QuTScloud c5.0Risk Level:7.5Exploitability:UnprovenConsequences:Obtain Information...

HP t430 Thin Client and HP t638 Thin Client tampering | CVE-2023-5409

October 18, 2023

NAME__________HP t430 Thin Client and HP t638 Thin Client tamperingPlatforms Affected:HP N41 BIOS 00.01.13 HP N44 BIOS 00.02.10 HP N43...

Vrm 360 3D Model Viewer Plugin for WordPress information disclosure | CVE-2023-5177

October 18, 2023

NAME__________Vrm 360 3D Model Viewer Plugin for WordPress information disclosurePlatforms Affected:WordPress Vrm 360 3D Model Viewer Plugin for WordPress 1.2.1Risk...

South River Technologies Titan MFT and Titan SFTP directory traversal | CVE-2023-45689

October 18, 2023

NAME__________South River Technologies Titan MFT and Titan SFTP directory traversalPlatforms Affected:South River Technologies Titan SFTP 2.0.17.2298 South River Technologies Titan...

Fiber cross-site request forgery | CVE-2023-45141

October 18, 2023

NAME__________Fiber cross-site request forgeryPlatforms Affected:Fiber Fiber 2.49.2Risk Level:7.6Exploitability:UnprovenConsequences:Gain Access DESCRIPTION__________Fiber is vulnerable to cross-site request forgery, caused by improper validation...

PageLayer Plugin for WordPress cross-site scripting | CVE-2023-5087

October 18, 2023

NAME__________PageLayer Plugin for WordPress cross-site scriptingPlatforms Affected:WordPress PageLayer Plugin for WordPress 1.7.8Risk Level:5.4Exploitability:HighConsequences:Cross-Site Scripting DESCRIPTION__________PageLayer Plugin for WordPress is vulnerable...

Devolutions Server security bypass | CVE-2023-5575

October 18, 2023

NAME__________Devolutions Server security bypassPlatforms Affected:Devolutions Devolutions Server 2022.3.12 Devolutions Devolutions Server 2022.3.13Risk Level:6.8Exploitability:UnprovenConsequences:Bypass Security DESCRIPTION__________Devolutions Server could allow a remote...

South River Technologies Titan MFT and Titan SFTP directory traversal | CVE-2023-45686

October 18, 2023

NAME__________South River Technologies Titan MFT and Titan SFTP directory traversalPlatforms Affected:South River Technologies Titan SFTP 2.0.17.2298 South River Technologies Titan...

Popup Builder WordPress Plugin for WordPress cross-site scripting | CVE-2023-5561

October 18, 2023

NAME__________Popup Builder WordPress Plugin for WordPress cross-site scriptingPlatforms Affected:WordPress Popup Builder Plugin for WordPress 4.1.15Risk Level:4.8Exploitability:HighConsequences:Cross-Site Scripting DESCRIPTION__________Popup Builder WordPress...

User Activity Log Pro plugin for WordPress cross-site scripting | CVE-2023-5167

October 18, 2023

NAME__________User Activity Log Pro plugin for WordPress cross-site scriptingPlatforms Affected:WordPress User Activity Log Pro Plugin for WordPress 2.3.4Risk Level:7.2Exploitability:HighConsequences:Cross-Site Scripting...

South River Technologies Titan MFT and Titan SFTP security bypass | CVE-2023-45687

October 18, 2023

NAME__________South River Technologies Titan MFT and Titan SFTP security bypassPlatforms Affected:South River Technologies Titan SFTP 2.0.17.2298 South River Technologies Titan...

User Activity Log Pro Plugin for WordPress spoofing | CVE-2023-5133

October 18, 2023

NAME__________User Activity Log Pro Plugin for WordPress spoofingPlatforms Affected:WordPress WordPress WordPress User Activity Log Pro Plugin for WordPress 2.3.4Risk Level:5.3Exploitability:UnprovenConsequences:Gain...

South River Technologies Titan MFT and Titan SFTP directory traversal | CVE-2023-45685

October 18, 2023

NAME__________South River Technologies Titan MFT and Titan SFTP directory traversalPlatforms Affected:South River Technologies Titan SFTP 2.0.17.2298 South River Technologies Titan...

Oracle MySQL Server unspecified | CVE-2023-22028

October 18, 2023

NAME__________Oracle MySQL Server unspecifiedPlatforms Affected:Oracle MySQL Server 8.0.31 Oracle MySQL Server 5.7.43Risk Level:4.9Exploitability:UnprovenConsequences:Denial of Service DESCRIPTION__________An unspecified vulnerability in Oracle...

Oracle Banking Trade Finance unspecified | CVE-2023-22122

October 18, 2023

NAME__________Oracle Banking Trade Finance unspecifiedPlatforms Affected:Oracle Banking Trade Finance 14.5 Oracle Banking Trade Finance 14.6 Oracle Banking Trade Finance 14.7Risk...

SonicWall SonicOS denial of service | CVE-2023-39278

October 18, 2023

NAME__________SonicWall SonicOS denial of servicePlatforms Affected:SonicWall TZ370 7.0.1-5119 SonicWall TZ370W 7.0.1-5119 SonicWall TZ470 7.0.1-5119 SonicWall TZ470W 7.0.1-5119 SonicWall TZ570 7.0.1-5119...

Oracle Banking Trade Finance unspecified | CVE-2023-22121

October 18, 2023

NAME__________Oracle Banking Trade Finance unspecifiedPlatforms Affected:Oracle Banking Trade Finance 14.5 Oracle Banking Trade Finance 14.6 Oracle Banking Trade Finance 14.7Risk...

Oracle MySQL Server unspecified | CVE-2023-22070

October 18, 2023

NAME__________Oracle MySQL Server unspecifiedPlatforms Affected:Oracle MySQL Server 8.0.34 Oracle MySQL Server 8.1.0Risk Level:4.9Exploitability:UnprovenConsequences:Denial of Service DESCRIPTION__________An unspecified vulnerability in Oracle...

SonicWall SonicOS denial of service | CVE-2023-39280

October 18, 2023

ActivityPub plugin for WordPress cross-site scripting | CVE-2023-5057

October 18, 2023

NAME__________ActivityPub plugin for WordPress cross-site scriptingPlatforms Affected:WordPress ActivityPub Plugin for WordPressRisk Level:5.4Exploitability:HighConsequences:Cross-Site Scripting DESCRIPTION__________ActivityPub plugin for WordPress is vulnerable to...

Month: October 2023

QNAP QTS, QuTS hero, and QuTScloud directory traversal | CVE-2023-32974

HP t430 Thin Client and HP t638 Thin Client tampering | CVE-2023-5409

Vrm 360 3D Model Viewer Plugin for WordPress information disclosure | CVE-2023-5177

South River Technologies Titan MFT and Titan SFTP directory traversal | CVE-2023-45689

Fiber cross-site request forgery | CVE-2023-45141

PageLayer Plugin for WordPress cross-site scripting | CVE-2023-5087

Devolutions Server security bypass | CVE-2023-5575

South River Technologies Titan MFT and Titan SFTP directory traversal | CVE-2023-45686

Popup Builder WordPress Plugin for WordPress cross-site scripting | CVE-2023-5561

User Activity Log Pro plugin for WordPress cross-site scripting | CVE-2023-5167

South River Technologies Titan MFT and Titan SFTP security bypass | CVE-2023-45687

User Activity Log Pro Plugin for WordPress spoofing | CVE-2023-5133

South River Technologies Titan MFT and Titan SFTP directory traversal | CVE-2023-45685

Oracle MySQL Server unspecified | CVE-2023-22028

Oracle Banking Trade Finance unspecified | CVE-2023-22122

SonicWall SonicOS denial of service | CVE-2023-39278

Oracle Banking Trade Finance unspecified | CVE-2023-22121

Oracle MySQL Server unspecified | CVE-2023-22070

SonicWall SonicOS denial of service | CVE-2023-39280

ActivityPub plugin for WordPress cross-site scripting | CVE-2023-5057

Oracle MySQL Server unspecified | CVE-2023-22064

Oracle MySQL Server unspecified | CVE-2023-22015

Oracle MySQL Server unspecified | CVE-2023-22110

Oracle Banking Trade Finance unspecified | CVE-2023-22125

[APT73] – Ransomware Victim: gureco[.]pl

[APT73] – Ransomware Victim: lgpunjab[.]gov[.]in

[INCRANSOM] – Ransomware Victim: IPE Engwicht

[HUNTERS] – Ransomware Victim: Aeris Energy

[HUNTERS] – Ransomware Victim: Jones & Mayer

You may have missed