Recently Added Vulnerabilities – November 2023


Here is a list of all new modules recently added from our community of ethical hackers. You can find a complete list of new vulnerabilities added to Surface Monitoring and Application Scanning by viewing the “What’s New?” section in-tool.

Latest vulnerabilities:

  • CVE-2023-49103: OwnCloud Phpinfo Configuration
  • CVE-2023-44150: ProfilePress Sensitive Information Exposure
  • CVE-2023-43208: NextGen Healthcare Mirth Connect RCE
  • CVE-2023-41339: Geoserver WMS SSR
  • CVE-2023-40779: IceWarp Open Redirect
  • CVE-2023-39700: IceWarp XSS
  • CVE-2023-37728: IceWarp XSS
  • CVE-2023-33160: Microsoft Sharepoint RCE
  • CVE-2023-22518: Atlassian Confluence Authentication Bypass
  • CVE-2023-20198: Cisco WebUI RCE
  • CVE-2023-6063: WordPress Plugin “WP Fastest Cache” (wp-fastest-cache) SQL Injection
  • CVE-2023-5244: Microweber XSS
  • CVE-2023-4966: Citrix NetScaler ADC and Citrix NetScaler Gateway Sensitive Information Disclosure
  • CVE-2023-3765: MLflow Local File Inclusion
  • CVE-2023-3519: Citrix ADC & Citrix Gateway RCE
  • CVE-2023-1719: Bitrix24 Insecure Global Variable Extraction
  • CVE-2023-1496: SVG Sanitization Bypass XSS
  • CVE-2021-33690: SAP NetWeaver Development Infrastructure SSRF
  • CVE-2020-13851: PandoraFMS RCE
  • CVE-2020-6950: Directory Traversal in Eclipse Mojarra
  • Adobe AEM Misconfigured Replication Servlet
  • Adobe AEM Query Debugger Exposure
  • BeyondTrust Remote Support XSS
  • Bitrix Component XSS via log_cnt
  • Centreon Default Credentials
  • Content-Security-Policy Bypass via Microsoft
  • FusionAuth Installer Exposure
  • Github Workflow Disclosure
  • JWT Private Key Exposure
  • Less History Exposure
  • MantisBT Default Credentials
  • Office Web Apps Server Full Read SSRF
  • RedisInsight Unauthenticated Access
  • Shopware Installer Exposure
  • Spring Boot Actuator / Configuration Properties
  • SugarCRM Installer Exposure
  • WordPress Arbitrary Shortcode Execution

New tests added by Detectify staff:

  • Adobe ColdFusion Login Portal
  • PHP var_dump Exposure
  • Nohup Output Exposure

Changed tests:

  • CVE-2023-20198: Cisco WebUI Compromised
  • CVE-2021-44228: Log4Shell (log4j) RCE
  • CVE-2020-8512: IceWarp XSS
  • ActiveAdmin Admin Dashboard Exposure
  • Adobe AEM Granite Login Portal
  • Adobe AEM JCR Compare Exposure
  • Amazon API-Key Disclosure
  • Apache .htaccess Exposure
  • Apache Struts actionErrors XSS
  • Atom Package Configuration Credentials Exposure
  • Atom Package Configuration Exposure
  • Caddy Open Redirect
  • cPanel WHM Exposed Login Portal
  • Drupal Registration Enabled
  • Environment Variables Disclosure
  • Filezilla Config Exposure
  • Generic CI Pipeline Configuration Exposure
  • GitLab Public Projects Exposure
  • Global.json Exposure
  • Jolokia Configuration Exposure
  • Jolokia Endpoint Exposure
  • Jolokia Path Traversal
  • Nagios XI Installer Exposure
  • Nano History Exposure
  • Nginx Configuration Exposure
  • PHP Coding Standards Fixer Cache Exposure
  • SH History Exposure
  • Sublime SFTP Configuration Exposure
  • TYPO3 Install Tool Exposure
  • Visual Studio Code Ignore File Disclosure
  • Visual Studio Code jsconfig.json Disclosure
  • Visual Studio Code Settings Credential Exposure
  • Visual Studio Code Settings Exposure
  • Visual Studio Code SFTP Configuration Disclosure
  • VisualStudio Code Container Configuration Exposure
  • WinSCP Configuration Exposure
  • WS-FTP Configuration Exposure
  • ZSH History Exposure
