Initial Access Intelligence

Weekly Initial Access Release Notes

Feb 08 - Feb 14, 2025

  1. OpenCTI + VulnCheck Integration
  2. CVE-2023-45498: Vinchin Backup RCE
  3. CVE-2023-4220: Adds Chamilo File Upload RCE & Chamilo Unification

Feb 01 - Feb 07, 2025

  1. CVE-2023-30625: RudderStack rudder_server RCE
  2. CVE-2024-46506: NetAlertX Unauthenticated RCE
  3. CVE-2023-25826: OpenTSDB Metric Key Command Injection

Jan 25 - Jan 31, 2025

  1. CVE-2024-7097: WSO2 Account Creation
  2. CVE-2024-36117: Reposilite Directory Traversal
  3. CVE-2024-5082: Nexus Repository 2 RCE

Jan 18 - Jan 24, 2025

  1. CVE-2024-57727: SimpleHelp Path Traversal
  2. CVE-2025-0107: Palo Alto Networks Expedition Spark Callback RCE
  3. CVE-2024-55591: FortiOS Websocket Auth Bypass

Jan 11 - Jan 17, 2025

  1. CVE-2025-0282: Ivanti Connect Secure IF-T Buffer Overflow
  2. CVE-2025-0520: ShowDoc Upload RCE
  3. CVE-2022-24260: VoIP Monitor GUI SQLi

Dec 21 - Dec 27, 2024

  1. CVE-2024-50379: Apache Tomcat TOCTOU Webshell Upload
  2. CVE-2018-1160: Netatalk Commands Pointer Buffer Overflow RCE
  3. CVE-2024-56145: Craft CMS `register_argc_argv` RCE

Dec 14 - Dec 20, 2024

  1. Feature Update
  2. CVE-2024-12856: Four-Faith adjust_sys_time Exploitation in the Wild
  3. CVE-2023-3722: Avaya Aura Device Service Webshell Upload

Dec 7 - Dec 13, 2024

  1. CVE-2024-50623: Rapid Response
  2. CVE-2023-28879: Exploiting ownCloud through Ghostscript
  3. CVE-2024-47533: Cobbler XML-RPC Authentication Bypass

Nov 30 - Dec 6, 2024

  1. CVE-2024-41713: Mitel MiCollab File Disclosure
  2. CVE-2024-29510: Exploiting ownCloud through Ghostscript
  3. CVE-2024-10924: Really Simple Security WordPress Plugin Auth Bypass

Nov 23 - Nov 29, 2024

  1. CVE-2024-11680: ProjectSend Authentication Bypass and Webshell Upload
  2. CVE-2021-29442: Alibaba Nacos Remote Code Execution
  3. CVE-2020-8515: Draytek Vigor Remote Code Execution

Nov 18 - Nov 22, 2024

  1. CVE-2024-8069: Citrix Session Recording (Virtual Apps and Desktops) .NET Deserialization
  2. CVE-2024-0012 PAN-OS Authentication Bypass and CVE-2024-9474 Authenticated Command Injection
  3. CVE-2024-10914: D-Link ShareCenter DNS Command Injection

Nov 9 - Nov 17, 2024

  1. STATUS UPDATE: CVE-2024-47575: Fortinet FortiManager fgfmd Missing Authentication
  2. CVE-2024-20017: Netgear WAX206
  3. IP-Intel Update

Nov 2 - Nov 8, 2024

  1. CVE-2022-3405: Acronis Cyber Protect and Backup RCE
  2. CVE-2024-45216: Apache Solr Auth Bypass
  3. CVE-2024-9014: pgAdmin OAuth2 Information Disclosure

Oct 26 - Nov 1, 2024

  1. CVE-2024-38816: Spring WebFlux - Halo CMS Directory Traversal Variant
  2. CVE-2024-51378: CyberPanel Command Injection
  3. CVE-2023-47207: Delta Electronics InfraSuite Device Master Deserialization

Oct 19 - Oct 25, 2024

  1. CVE-2024-9464 + CVE-2024-5910: Palo Alto Networks Expedition Exploit Chain
  2. CVE-2024-28000: LiteSpeed Cache WordPress Plugin Admin Hash Bruteforce RCE
  3. CVE-2024-44000: LiteSpeed Cache Debug Log Credential Leak to RCE

Oct 12 - Oct 18, 2024

  1. Feature Update
  2. ABB ASPECT CVE-2023-0636 & CVE-2024-6209
  3. CVE-2024-2961 + CVE-2024-34102 Exploit Chain (Magento and glibc)

Oct 5 - Oct 11, 2024

  1. CVE-2019-12168: Four-Faith Industrial Router
  2. CVE-2024-9643: Four-Faith Industrial Router (Zero day)
  3. CVE-2024-9644: Four-Faith Industrial Router (Zero day)

Sept 28 - Oct 4, 2024

  1. CVE-2024-9441: Linear eMerge e-Series (Unpatched)
  2. CVE-2024-45519: Zimbra SMTP RCPT Injection RCE
  3. CVE-2023-26469: Jorani Log Poisoning RCE

August 31 - September 6, 2024

  1. Traccar Exploit Chain
  2. Clarification on D-Link "Won't Fix" CVE: CVE-2024-44340 - CVE-2024-44342 and CVE-2024-41622
  3. CVE-2024-5932: GiveWP Remote Code Execution

August 24 - August 30, 2024

  1. CVE-2024-28987: SolarWinds Web Help Desk
  2. CVE-2023-48022 and CVE-2023-6019: Anyscale Ray Remote Code Executions
  3. CVE-2023-4911: GLIBC Tunables

August 17 - August 23, 2024

  1. CVE-2024-7954: SPIP porte_plume Plugin Arbitrary PHP Execution
  2. CVE-2024-5276: Fortra FileCatalyst Workflow SQL Injection
  3. CVE-2020-12783: Exim Authentication Bypass

August 10 - August 16, 2024

  1. CVE-2024-7593: Ivanti vTM Authentication Bypass
  2. CVE-2024-26331: ReCrystallize Server authentication bypass to RCE
  3. CVE-2024-20419: Cisco Smart Software Manager On-Prem Account Takeover

August 3 - August 9, 2024

  1. CVE-2024-38077: "MadLicense" Windows RCE
  2. CVE-2024-38856: Apache OFBiz improper authorization checks RCE
  3. CVE-2024-4547 and CVE-2024-4548: Delta Electronics DIAEnergie SQLi -> Code Execution

July 27 - August 2, 2024

  1. CHANGELOG.md Added to Initial Access Repository
  2. README.md Updates
  3. CVE-2024-40348: Bazarr Secrets Leak