Recently Added Vulnerabilities – September 2023


Here is a list of all new modules recently added from our community of ethical hackers. You can find a complete list of new vulnerabilities added to Surface Monitoring and Application Scanning by viewing the “What’s New?” section in-tool.

Featured vulnerability:

CVE-2023-42793: TeamCity CI Authentication Bypass.
CVE-2023-42793 affects versions of the CI/CD solution TeamCity. If exploited, it can lead to remote code execution (RCE). All TeamCity users are urged to update to the latest version (2023.05.04) or apply the security patch plugin released by the vendor.

Latest vulnerabilities:

  • CVE-2021-44138: Caucho Resin Path Traversal
  • CVE-2022-4057: Autoptimize Information Disclosure
  • CVE-2023-29298: Adobe ColdFusion Improper Access Control
  • CVE-2023-29300: Adobe ColdFusion Pre-Auth RCE
  • CVE-2023-38205: Adobe ColdFusion Improper Access Control
  • CVE-2023-4568: PaperCut NG Unauthenticated XMLRPC Functionality
  • CVE-2023-4451: Cockpit CMS XSS
  • CVE-2023-30019: Imgproxy SSRF
  • Browserless Debugger Exposure
  • CVE-2023-33568: Dolibarr Unauthenticated Database Access
  • Grav CMS Install Exposure
  • CVE-2023-27482: Home Assistant Authentication Bypass
  • Jolokia Path Traversal
  • CVE-2023-36844: Juniper J-Web RCE
  • CVE-2023-35078: Ivanti Endpoint Manager Mobile (EPMM) Authentication Bypass
  • CVE-2023-35082: Ivanti Endpoint Manager Mobile (EPMM) Unauthenticated API Access
  • Nuxt.js Dev Mode Path Traversal
  • Nuxt.js Partial File Read
  • Nuxt.js Dev Mode XSS
  • OpenMediaVault Default Credentials
  • Traccar Default Credentials
  • Wazuh Default Credentials
  • 3CX Installer Exposure
  • Bitrix24 Installer Exposure
  • Cisco Unified Communications Manager User Enumeration
  • Google Cloud Storage Arbitrary Bucket Content Included In Response
  • CVE-2023-42442: JumpServer Information Disclosure
  • MantisBT Installer Exposure
  • NethServer Default Credentials
  • OpenSearch Dashboards Default Credentials
  • Open Journal Systems Installer Exposure
  • CVE-2023-4668: Ad Inserter Unauthenticated Sensitive Information Exposure
  • WordPress WPML Login Page XSS
  • Zabbix Installer Exposure


