{"vulnerability": "CVE-2024-4778", "sightings": [{"uuid": "2168e36b-669c-4401-8b5c-be05da9caea1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-47784", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/14141", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-47784\n\ud83d\udd25 CVSS Score: 2.1 (cvssV4_0, Vector: CVSS:4.0/AV:A/AC:H/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/R:U)\n\ud83d\udd39 Description: Unverified Password Change for ANC software that allows an authenticated attacker to bypass the old Password check in the password change form via a web HMI\nThis issue affects ANC software version 1.1.4 and earlier.\n\ud83d\udccf Published: 2025-04-30T18:17:02.648Z\n\ud83d\udccf Modified: 2025-04-30T20:04:47.051Z\n\ud83d\udd17 References:\n1. https://search.abb.com/library/Download.aspx?DocumentID=2CRT000006&LanguageCode=en&DocumentPartId=PDF&Action=Launch", "creation_timestamp": "2025-04-30T20:14:14.000000Z"}, {"uuid": "0b9c2b1e-95c6-40ee-a5ab-f90dd3118405", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-47783", "type": "seen", "source": "https://t.me/cvedetector/10609", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-47783 - Samsung SIPORT Privilege Escalation Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-47783 \nPublished : Nov. 12, 2024, 1:15 p.m. | 21\u00a0minutes ago \nDescription : A vulnerability has been identified in SIPORT (All versions < V3.4.0). The affected application improperly assigns file permissions to installation folders.  \n  \nThis could allow a local attacker with an unprivileged account to override or modify the service executables and subsequently gain elevated privileges. \nSeverity: 7.8 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"12 Nov 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-11-12T14:41:45.000000Z"}, {"uuid": "a4358826-f67f-4bef-932e-45cffaacc59d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-47781", "type": "seen", "source": "https://t.me/cvedetector/7294", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-47781 - Miraheze CreateWiki XSS Vulnerability (Cross-Site Scripting)\", \n  \"Content\": \"CVE ID : CVE-2024-47781 \nPublished : Oct. 7, 2024, 10:15 p.m. | 40\u00a0minutes ago \nDescription : CreateWiki is an extension used at Miraheze for requesting & creating wikis. The name of requested wikis is not escaped on Special:RequestWikiQueue, so a user can insert arbitrary HTML that is displayed in the request wiki queue when requesting a wiki. If a wiki creator comes across the XSS payload, their user session can be abused to retrieve deleted wiki requests, which typically contains private information. Likewise, this can also be abused on those with the ability to suppress requests to view sensitive information. This issue has been patched with commit `693a220` and all users are advised to apply the patch. Users unable to upgrade should disable Javascript and/or prevent access to the vulnerable page (Special:RequestWikiQueue). \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"08 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-08T01:10:03.000000Z"}, {"uuid": "02710bbe-9c8d-4c5e-8cf2-5500745c35bc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-47782", "type": "seen", "source": "https://t.me/cvedetector/7295", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-47782 - WikiDiscover XSS Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-47782 \nPublished : Oct. 7, 2024, 10:15 p.m. | 40\u00a0minutes ago \nDescription : WikiDiscover is an extension designed for use with a CreateWiki managed farm to display wikis. Special:WikiDiscover is a special page that lists all wikis on the wiki farm. However, the special page does not make any effort to escape the wiki name or description. Therefore, if a wiki sets its name and/or description to an XSS payload, the XSS will execute whenever the wiki is shown on Special:WikiDiscover. This issue has been patched with commit `2ce846dd93` and all users are advised to apply that patch. User unable to upgrade should block access to `Special:WikiDiscover`. \nSeverity: 7.6 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"08 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-08T01:10:07.000000Z"}, {"uuid": "ae10a13b-a043-4dac-b2e0-217a4b67a216", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-47780", "type": "seen", "source": "https://t.me/cvedetector/7398", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-47780 - TYPO3 Unauthenticated Page Visibility Leak\", \n  \"Content\": \"CVE ID : CVE-2024-47780 \nPublished : Oct. 8, 2024, 6:15 p.m. | 41\u00a0minutes ago \nDescription : TYPO3 is a free and open source Content Management Framework. Backend users could see items in the backend page tree without having access if the mounts pointed to pages restricted for their user/group, or if no mounts were configured but the pages allowed access to \"everybody.\" However, affected users could not manipulate these pages. Users are advised to update to TYPO3 versions 10.4.46 ELTS, 11.5.40 LTS, 12.4.21 LTS, 13.3.1 that fix the problem described. There are no known workarounds for this vulnerability. \nSeverity: 3.1 | LOW \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"08 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-08T21:14:20.000000Z"}, {"uuid": "0880fab0-b372-47a5-9f39-fad3d64d60ed", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-47789", "type": "seen", "source": "https://t.me/cvedetector/6975", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-47789 - D3D Security IP Camera Unvalidated User Credentials Exposure\", \n  \"Content\": \"CVE ID : CVE-2024-47789 \nPublished : Oct. 4, 2024, 1:15 p.m. | 36\u00a0minutes ago \nDescription : ** UNSUPPORTED WHEN ASSIGNED ** This vulnerability exists in D3D Security IP Camera due to usage of weak authentication scheme of the HTTP header protocol where authorization tag contain a Base-64 encoded username and password. A remote attacker could exploit this vulnerability by crafting a HTTP packet leading to exposure of user credentials of the targeted device. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"04 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-04T16:02:13.000000Z"}, {"uuid": "2935c392-2217-49c9-a426-6578465d118d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-47783", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113470250522659199", "content": "", "creation_timestamp": "2024-11-12T13:36:58.196260Z"}, {"uuid": "819428de-7946-4f54-a191-5d0164e85d9d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-47784", "type": "seen", "source": "https://t.me/cvedetector/24138", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-47784 - ANC Software Password Change Bypass Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-47784 \nPublished : April 30, 2025, 7:15 p.m. | 37\u00a0minutes ago \nDescription : Unverified Password Change for ANC software that allows an authenticated attacker to bypass the old Password check in the password change form via a web HMI  \nThis issue affects ANC software version 1.1.4 and earlier. \nSeverity: 2.6 | LOW \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"30 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-30T22:06:05.000000Z"}, {"uuid": "a0f006e1-7803-4765-845b-f22516700da1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-47783", "type": "seen", "source": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-319-02", "content": "", "creation_timestamp": "2024-11-14T12:00:00.000000Z"}]}