UK Scans Report July, 2024

UK scans by country

CountryNumber
United States4050
Germany2500
China1685
India1675
Chile724
UK689
Taiwan455
Canada395
Japan351
Brazil351

UK scans by port number

PortNumber
8018191
2316817
80802923
252271
211823
23231639
1101367

UK Scans by Day Of Week

UK Scans by Hour Of Day

The above data was collected by our 'honey-pot' servers that accept requests on popular port scans and online services by used by potential hackers and cyber criminals. On average our UK based listeners record 60,000 port scans per month. The data is for requests to UK based servers up to August 1, 2024
Report updated: August 1, 2024

UK Cyber Exploit Scans July, 2024

Below is a table of just some of the Http requests made by potential hackers to exploit web service vulnerabilities in the UK captured by Funnelweb.tech up to August 1, 2024. Funnelweb is our propriety UK based cyber security exploit listener and IP address capturing system.

ExploitExploit InformationCVE
TP-Link Archer AX21 (AX1800) firmware versions before 1TP-Link Archer AX21 (AX1800) firmware versions before 1.1.4 Build 20230219 contained a command injection vulnerability in the country form of the /cgi-bin/luci;stok=/locale endpoint on the web management interface. Specifically, the country parameter of the write operation was not sanitized before being used in a call to popen(), allowing an unauthenticated attacker to inject commands, which would be run as root, with a simple POST request.CVE-2023-1389
PHP Unit 4.8.28 - Remote Code Execution (RCE) (Unauthenticated)# Exploit Title: PHP Unit 4.8.28 - Remote Code Execution (RCE) (Unauthenticated) # Date: 2022/01/30 # Exploit Author: souzo # Vendor Homepage: phpunit.de # Version: 4.8.28 # Tested on: Unit # CVE : CVE-2017-9841 import requests from sys import argv phpfiles = ["/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php", "/yii/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php", "/laravel/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php", "/laravel52/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.CVE-2017-9841
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as very critical, has been found in D-Link DNS-320L, DNS-325, DNS-327L and DNS-340L up to 20240403** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as very critical, has been found in D-Link DNS-320L, DNS-325, DNS-327L and DNS-340L up to 20240403. This issue affects some unknown processing of the file /cgi-bin/nas_sharing.cgi of the component HTTP GET Request Handler. The manipulation of the argument user with the input messagebus leads to hard-coded credentials. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-259283. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed immediately that the product is end-of-life. It should be retired and replaced.CVE-2024-3272
elFinder before 2elFinder before 2.1.48 has a command injection vulnerability in the PHP connector.CVE-2019-9194
vendor/elfinder/php/connectorvendor/elfinder/php/connector.minimal.php in the secure-file-manager plugin through 2.5 for WordPress loads elFinder code without proper access control. Thus, any authenticated user can run the elFinder upload command to achieve remote code execution. NOTE: This vulnerability only affects products that are no longer supported by the maintainerCVE-2020-35235
Roxy Fileman 1Roxy Fileman 1.4.5 allows unrestricted file upload in upload.php.CVE-2018-20526
A vulnerability classified as critical was found in Vesystem Cloud Desktop up to 20240408A vulnerability classified as critical was found in Vesystem Cloud Desktop up to 20240408. This vulnerability affects unknown code of the file /Public/webuploader/0.1.5/server/fileupload.php. The manipulation of the argument file leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-260776. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.CVE-2024-3803
In PHP versions 8In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, when using Apache and PHP-CGI on Windows, if the system is set up to use certain code pages, Windows may use "Best-Fit" behavior to replace characters in command line given to Win32 API functions. PHP CGI module may misinterpret those characters as PHP options, which may allow a malicious user to pass options to PHP binary being run, and thus reveal the source code of scripts, run arbitrary PHP code on the server, etc.CVE-2024-4577
Responsive FileManager 9.9.5 - Remote Code Execution (RCE)# Exploit Title: Responsive FileManager 9.9.5 - Remote Code Execution (RCE) # Date: 02-Feb-2023 # Exploit Author: Galoget Latorre (@galoget) # Vendor Homepage: https://responsivefilemanager.com # Software Link: https://github.com/trippo/ResponsiveFilemanager/releases/download/v9.9.5/responsive_filemanager.zip # Dockerfile: https://github.com/galoget/ResponsiveFileManager-CVE-2022-46604 # Version: 9.9.5 # Language: Python 3.x # Tested on: # - Ubuntu 22.04.5 LTS 64-bit # - Debian GNU/Linux 10 (bCVE-2022-46604
A vulnerability, which was classified as critical, was found in Wangshen SecGate 3600 up to 20240516A vulnerability, which was classified as critical, was found in Wangshen SecGate 3600 up to 20240516. This affects an unknown part of the file /?g=log_import_save. The manipulation of the argument reqfile leads to unrestricted upload. It is possible to initiate the attack remotely. The associated identifier of this vulnerability is VDB-264747.CVE-2024-5050
ThinkPHP before 3ThinkPHP before 3.2.4, as used in Open Source BMS v1.1.1 and other products, allows Remote Command Execution via public//?s=index/\think\app/invokefunction&function=call_user_func_array&vars[0]=system&vars[1][]= followed by the command.CVE-2019-9082
A vulnerability, which was classified as problematic, has been found in Faraday GM8181 and GM828x up to 20240429A vulnerability, which was classified as problematic, has been found in Faraday GM8181 and GM828x up to 20240429. Affected by this issue is some unknown functionality of the file /command_port.ini. The manipulation leads to information disclosure. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-263306 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.CVE-2024-4584
An arbitrary file upload vulnerability in Teller Web App vAn arbitrary file upload vulnerability in Teller Web App v.4.4.0 allows a remote attacker to execute arbitrary commands and obtain sensitive information via uploading a crafted file.CVE-2023-42362
Douchat 4Douchat 4.0.5 suffers from an arbitrary file upload vulnerability via Public/Plugins/webuploader/server/preview.php.CVE-2024-35324
Falt4 CMS RC4 - 'FCKeditor' Arbitrary File Upload################################################################ # # Falt4 CMS (fckeditor) Arbitrary File Upload Exploit # # Bug Discovered By : Sp3shial # # Sp3shial@ymail.com # # Persian Boys Hacking Team From A Land With A History-Long Background # # Download CMS : http://downloads.sourceforge.net/falt4/falt4extreme.zip?modtime=1196845455&big_mirror=0 # ############################################################### error_reporting(0); set_time_limit(0); ini_set("default_socket_timeout", 5);CVE-53650
CVE-2008-6178
File Upload vulnerability in zzzCMS vFile Upload vulnerability in zzzCMS v.2.1.9 allows a remote attacker to execute arbitrary code via a crafted file to the down_url function in zzz.php file.CVE-2023-45555
File Upload vulnerability PMB vFile Upload vulnerability PMB v.7.4.8 allows a remote attacker to execute arbitrary code and escalate privileges via a crafted PHP file uploaded to the start_import.php file.CVE-2023-46474
Laravel Administrator 4 - Unrestricted File Upload (Authenticated)# Exploit title: Laravel Administrator 4 - Unrestricted File Upload (Authenticated) # Author: Victor Campos and Xavi Beltran # Contact: vcmartin@protonmail.com # Exploit Development: https://xavibel.com/2020/03/23/unrestricted-file-upload-in-frozennode-laravel-administrator/ # Date: 25/3/2020 # Software link: https://github.com/FrozenNode/Laravel-Administrator/ # Version : 4 # Tested on: Laravel-Administrator 4 # CVE : CVE-2020-10963 #!/usr/bin/env python import requests,json,traceback from reCVE-2020-10963
Tenda ONT GPON AC1200 Dual band WiFi HG9 v1Tenda ONT GPON AC1200 Dual band WiFi HG9 v1.0.1 is vulnerable to Command Injection via the Ping function.CVE-2022-30023
There is a remote code execution vulnerability that affects all versions of NetMan 204There is a remote code execution vulnerability that affects all versions of NetMan 204. A remote attacker could upload a firmware file containing a webshell, that could allow him to execute arbitrary code as root.CVE-2022-47893

Last updated: August 1, 2024

If it's a great idea but you need help to make it a demonstrable reality Web Loft can help.
Webloft has experience in rapid prototyping using modern industry standard components.

GET IN TOUCH

Web Loft has a wealth of experience working with a variety of technologies, languages and frameworks. Looking for something specific? Please check out the list below. If you don't see what you're looking for please get in touch and we can discuss how we can help.


Get in touch with us today. We're looking forward to working with you


Get in Touch