Byr00T

Researcher fromIHTeam
#7865of 53,630
34.9Total CVSS
Vulnerabilities · 4
Medium
1
Critical
3
PT-2023-9236
10
2023-06-21
Nexgen · Nextgen Mirth Connect · CVE-2023-37679
**Name of the Vulnerable Software and Affected Versions** NextGen Mirth Connect version 4.3.0 **Description** A remote command execution issue allows attackers to execute arbitrary commands on the hosting server. The vulnerability is related to the XStreamSerializer class and is due to a lack of data sanitization at the management level. This can be exploited by a remote attacker to execute arbitrary commands. **Recommendations** For NextGen Mirth Connect version 4.3.0, at the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2022-20948
9.8
2022-09-05
Unknown · Pfsense Pfblockerng · CVE-2022-31814
**Name of the Vulnerable Software and Affected Versions** pfSense pfBlockerNG versions 2.1.4 26 and earlier **Description** The issue allows remote attackers to execute arbitrary OS commands as root via shell metacharacters in the `HTTP Host` header. It is estimated that over 388,000 devices may be affected. A proof-of-concept exploit is available, and there have been reports of this issue being exploited in the wild. The vulnerability can be exploited through the `HTTP Host` header, allowing attackers to execute arbitrary OS commands. **Recommendations** For pfSense pfBlockerNG versions 2.1.4 26 and earlier, consider disabling the vulnerable component until a patch is available. Restrict access to the `HTTP Host` header to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2021-23437
5.3
2021-10-04
Unknown · Onionshare · CVE-2021-41867
**Name of the Vulnerable Software and Affected Versions** OnionShare versions 2.3 through 2.3 **Description** An information disclosure issue allows remote unauthenticated attackers to retrieve the full list of participants of a non-public OnionShare node via the --chat feature. **Recommendations** For OnionShare version 2.3, update to version 2.4 to resolve the issue.
PT-2021-23438
9.8
2021-10-04
Unknown · Onionshare · CVE-2021-41868
**Name of the Vulnerable Software and Affected Versions** OnionShare versions 2.3 through 2.3 **Description** The issue allows remote unauthenticated attackers to upload files on a non-public node when using the --receive functionality. **Recommendations** For OnionShare version 2.3, update to version 2.4 to resolve the issue.