We are a Singapore company providing cyber security services. Our aim is to enable organizations to better prepare and protect themselves against the ever-evolving threat of cyber attacks.
(CVE-2024-6781) Calibre Arbitrary File Read
Summary
Product: Calibre
Vendor: Calibre
Severity: High - Unprivileged adversaries may exploit software vulnerabilities to perform relative path traversal to achieve arbitrary file read
Affected Versions: <= 7.14.0 (latest version as of writing)
Tested Versions: 7.14.0
CVE Identifier: CVE-2024-6781
CVE Description: Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability allows Relative Path Traversal
CWE Classification(s): CWE-22 Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’)
CAPEC Classification(s): CAPEC-139 Relative Path Traversal
CVSS3....
(CVE-2024-6782) Calibre Remote Code Execution
Summary
Product: Calibre
Vendor: Calibre
Severity: Critical - Unprivileged adversaries may exploit software vulnerabilities to perform remote code execution
Affected Versions: 6.9.0 ~ 7.14.0 (latest version as of writing)
Tested Versions: 7.14.0
CVE Identifier: CVE-2024-6782
CVE Description: Improper Access Control in Calibre Content Server allows remote code execution
CWE Classification(s): CWE-863: Incorrect Authorization
CAPEC Classification(s): CAPEC-253: Remote Code Inclusion
CVSS3....
(CVE-2024-7008) Calibre Reflected Cross-Site Scripting (XSS)
Summary
Product: Calibre
Vendor: Calibre
Severity: Medium
Affected Versions: <= 7.15.0 (latest version as of writing)
Tested Versions: 7.15.0
CVE Identifier: CVE-2024-7008
CWE Classification(s): CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’)
CAPEC Classification(s): CAPEC-591 Reflected XSS
CVSS3.1 Scoring System: Base Score: 5.4 (Medium); Vector String: CVSS:3....
(CVE-2024-7009) Calibre SQLite Injection
Summary
Product: Calibre
Vendor: Calibre
Severity: Medium
Affected Versions: <= 7.15.0 (latest version as of writing)
Tested Versions: 7.15.0
CVE Identifier: CVE-2024-7009
CWE Classification(s): CWE-89 Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’)
CAPEC Classification(s): CAPEC-66 SQL Injection
CVSS3.1 Scoring System: Base Score: 4.2 (Medium); Vector String: CVSS:3....
(CVE-2024-1837) Singtel RT5703W Unauthenticated Command Injection RCE via Login Vulnerability
Summary
Product: Singtel WI-FI 6 ROUTER RT5703W
Vendor: Singtel/Askey
Severity: Critical - Adversaries may exploit software vulnerabilities to execute arbitrary commands on the underlying OS with root privileges.
Affected Versions: V1.6.4-5194 (latest version as of writing)
Tested Versions: V1.6.4-5194 (latest version as of writing)
Internal Identifier: STAR-2023-0097
CVE Identifier: TBD
CVE Description: OS command injection vulnerability in net....
(CVE-2024-1838) Singtel RT5703W Authenticated Command Injection RCE via SetLoginPwd Vulnerability
Summary
Product: Singtel WI-FI 6 ROUTER RT5703W
Vendor: Singtel/Askey
Severity: High - Adversaries may exploit software vulnerabilities to execute arbitrary commands on the underlying OS with root privileges.
Affected Versions: V1.6.4-5194 (latest version as of writing)
Tested Versions: V1.6.4-5194 (latest version as of writing)
Internal Identifier: STAR-2023-0098
CVE Identifier: TBD
CVE Description: OS command injection vulnerability in net....
(CVE-2023-3368) Chamilo LMS Unauthenticated Command Injection
Summary
Product: Chamilo
Vendor: Chamilo
Severity: High - Adversaries may exploit software vulnerabilities to obtain unauthenticated remote code execution.
Affected Versions: <= v1.11.20
Tested Versions: v1.11.20 (latest version as of writing)
CVE Identifier: CVE-2023-3368
CVE Description: Command injection in /main/webservices/additional_webservices.php in Chamilo LMS <= v1.11.20 allows unauthenticated attackers to obtain remote code execution via improper neutralisation of special characters....