Conti Ransomware Gang Has Full Log4Shell Attack Chain
The Conti ransomware gang, which last week became the first professional crimeware outfit to adopt and weaponize the Log4Shell vulnerability, has now built up a holistic attack chain. The sophisticated Russia-based Conti group – which Palo Alto Networks has called “one of the most ruthless” of...
CVSS 10 | AI Score -0.1 | EPSS 0.976
Security Advisory - Apache log4j2 remote code execution vulnerabilities in some Huawei products
Some Huawei products are affected by the Apache Log4j2 remote code execution vulnerabilities. The vulnerabilities are caused by a recursive parsing error in some functions of Apache Log4j2. An attacker can construct a malicious request to control log parameters to trigger a remote code execution...
CVSS 10 | AI Score 2.9 | EPSS 0.976
It was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in certain non-default configurations. This could allow attackers with control over Thread Context Map (MDC) input data when the logging configuration uses a non-default Pattern Layout with either a Context.....
Description of the security update for SharePoint Foundation 2013: December 14, 2021 (KB5002071)
Summary: This security update resolves a Microsoft SharePoint Server remote code execution vulnerability and Microsoft SharePoint Server spoofing vulnerability. To learn more about the vulnerabilities,.....
CVSS 8.8 | AI Score 7.8 | EPSS 0.038
There is an information leak vulnerability in eCNS280_TD V100R005C10SPC650. The vulnerability is caused by improper log output management. An attacker with the ability to access the log file of device may lead to information...
CVSS 6.5 | AI Score 6.1 | EPSS 0.001
Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message....
KLA12390 RCE vulnerability in Apache Log4j
A remote code execution vulnerability was found in Apache Log4j. Malicious users can exploit this vulnerability to execute arbitrary code. Original advisories: Apache Log4j Security Vulnerabilities. Exploitation: Public exploits exist for this vulnerability. Malware exists for this vulnerability....
CVSS 10 | AI Score 10 | EPSS 0.976
A closer look at Qakbot’s latest building blocks (and how to knock them down)
Multiple Qakbot campaigns that are active at any given time prove that the decade-old malware continues to be many attackers’ tool of choice, a customizable chameleon that adapts to suit the needs of the multiple threat actor groups that utilize it. Since emerging in 2007 as a banking Trojan,...
Not with a Bang but a Whisper: The Shift to Stealthy C2
As defensive tools have evolved to detect more and more traditional attack techniques, it should come as no surprise that attackers have shifted tactics. This ever-evolving arms race between offensive security toolsets, bespoke advanced persistent threat (APT) malware and the billion-dollar...
AI Score -0.5
OrbiTeam BSCW Server XSS / LFI / User Enumeration Vulnerabilities
OrbiTeam BSCW Server versions 5.0.x, 5.1.x, 5.2.4 and below, 7.3.x and below, and 7.4.3 and below suffer from path traversal, cross site scripting, HTTP header, session object manipulation, local file inclusion, and user enumeration...
AI Score -0.1
The cost of data security – it’s not just about the numbers
Organizations striving to improve their security posture often find this a multi-faceted challenge. In addition to the security product evaluation itself, security budgets are tight and justification is a necessary step. Financial language, however, is not everyone’s forte - and fiscal...
AI Score 0.5
Some Huawei products use the OpenHpi software for hardware management. A function that parses data returned by OpenHpi contains an out-of-bounds read vulnerability that could lead to a denial of service. Affected product versions include: eCNS280_TD V100R005C10; eSE620X vESS V100R001C10SPC200,...
CVSS 6.5 | AI Score 6.3 | EPSS 0.001
There is an information leakage vulnerability in FusionCompute 6.5.1, eCNS280_TD V100R005C00 and V100R005C10. Due to the improper storage of specific information in the log file, the attacker can obtain the information when a user logs in to the device. Successful exploit may cause the...
CVSS 5.5 | AI Score 5.3 | EPSS 0.0004
U.S. Dept Of Defense: Unauthenticated Access to Admin Panel Functions at https://███████/███
Description: The admin panel at https://██████████/████████ and all its functions can be accessed without authentication. This is basically the same vulnerability as in #1394910, just on another system. Impact: An attacker is able to use the administrative functions in order to upload, delete or...
AI Score -0.1
Cisco Unity Connect Path Traversal (cisco-sa-cucm-path-trav-dKCvktvO)
The version of Cisco Unity Connection installed on the remote host is prior to 14SU1. It is, therefore, affected by a path traversal vulnerability in the web-based management interface that allows an authenticated, remote attacker to access sensitive data. This is caused by improperly validated...
CVSS 4.3 | AI Score 5 | EPSS 0.001
gites-espace-detente.com Cross Site Scripting vulnerability OBB-2233268
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
AI Score 6.1
Cross-site Scripting (XSS) - Stored in django-helpdesk/django-helpdesk
Description: Stored XSS via parameter [title] when creating a new ticket. Details: At the table tickets in admin, when rendering data for column [Ticket] it allows for arbitrary execution of JavaScript. Vulnerability code: { data: "ticket", render: function...
CVSS 6.1 | AI Score 0.4 | EPSS 0.001
Simplephpscripts Simple CMS 2.1 - 'Multiple' Stored Cross-Site Scripting (XSS)
...
AI Score 7.4
SmartStoreNET - Malicious Message leading to E-Commerce Takeover
SmartStoreNET is the leading open-source e-commerce platform for .NET, which makes it suitable for companies running Windows Server. Next to the operation of an online business, it offers advanced features, such as CRM tools, a blog and a forum. As a result, a SmartStoreNET instance handles highly....
CVSS 9.8 | AI Score 10.2 | EPSS 0.004