663 matches found
CVE-2021-35047 Privileged Command Injection Vulnerability in Fidelis Network and Deception
Vulnerability in the CommandPost, Collector, and Sensor components of Fidelis Network and Deception enables an attacker with user level access to the CLI to inject root level commands into the component and neighboring Fidelis components. The vulnerability is present in Fidelis Network and...
CVE-2021-35047
CVE-2021-35047 affects Fidelis Network and Deception, specifically the CommandPost, Collector, and Sensor components. The root cause is a privileged command injection vulnerability that allows an attacker with user-level CLI access to inject root-level commands into the component and neighboring ...
CVE-2021-35048 Unauthenticated SQL Injection Vulnerability in Fidelis Network and Deception
Vulnerability in Fidelis Network and Deception CommandPost enables unauthenticated SQL injection through the web interface. The vulnerability could lead to exposure of authentication tokens in some versions of Fidelis software. The vulnerability is present in Fidelis Network and Deception version...
CVE-2021-35048
CVE-2021-35048 affects Fidelis Network and Deception CommandPost, allowing unauthenticated SQL injection via the web interface. Affected: Fidelis Network and Deception versions prior to 9.3.7 and version 9.4. The flaw can lead to exposure of authentication tokens. Patches/updates exist to address...
Fidelis Network 安全漏洞
Fidelis Network Deception is a security product from Fidelis USA. It is used to detect threats and prevent data loss with features such as detecting malicious behavior, identifying traffic anomalies, and automatically responding to advanced threats. A security vulnerability exists in Fidelis...
Fidelis Network Deception 操作系统命令注入漏洞
Fidelis Network Deception is a security product from Fidelis USA. It is used to detect threats and prevent data loss with features such as detecting malicious behavior, identifying traffic anomalies, and automatically responding to advanced threats. A security vulnerability exists in Fidelis...
Fidelis Network Deception SQL注入漏洞
Fidelis Network Deception is a security product from Fidelis USA. It is used to detect threats and prevent data loss with features such as detecting malicious behavior, identifying traffic anomalies, and automatically responding to advanced threats. Fidelis Network suffers from a SQL injection...
Fidelis Network Deception 操作系统命令注入漏洞
Fidelis Network Deception is a security product from Fidelis USA. It is used to detect threats and prevent data loss with features such as detecting malicious behavior, identifying traffic anomalies, and automatically responding to advanced threats. Fidelis Network Deception has a security...
PT-2021-20812 · Fidelis · Fidelis Network/Deception
Name of the Vulnerable Software and Affected Versions: Fidelis Network and Deception versions prior to 9.3.7 Fidelis Network and Deception version 9.4 Description: The issue allows authenticated command injection through the web interface, enabling a specially crafted HTTP request to execute syst...
Urban Company: Broken Link on Urban Company's Vulnerability Submission Form
Summary: - Urban Company has an unclaimed broken link on their HackerOne security page which can be claimed by any malicious user. And then later the malicious user can exploit this issue to deceive new researchers to submit their legitimate findings to the wrong hands. Steps To Reproduce: 1.Visi...
[eBook] 7 Signs You Might Need a New Detection and Response Tool
It's natural to get complacent with the status quo when things seem to be working. The familiar is comfortable, and even if something better comes along, it brings with it many unknowns. In cybersecurity, this tendency is countered by the fast pace of innovation and how quickly technology becomes...
Fake DarkSide Campaign Targets Energy and Food Sectors
Threat actors behind a recent campaign pose as DarkSide in a bid to deceive targets into paying ransom...
Ping Identity: Broken Link on Ping Identity's Vulnerability Submission Form on Hackerone
Summary: Ping Identity has an unclaimed broken link on their HackerOne security page which can be claimed by any malicious user, who could then exploit this issue with clever social engineering to deceive new researchers to submit their legitimate findings to the wrong hands. Similar to this...
Microsoft SharePoint Server Spoofing Vulnerability (CNVD-2021-41123)
Microsoft SharePoint is an enterprise business collaboration platform from Microsoft. The platform is used to consolidate business information and enable sharing of work, collaborating with others, organizing projects and workgroups, and searching for people and information. A spoofing...
华为 LTE USB Dongle 安全漏洞
Huawei LTE USB Dongle is a combination of hardware and software encryption product from Huawei China that plugs into the parallel port of the computer. It protects source code and algorithms from unauthorized use or against piracy threats. A security vulnerability exists in Huawei LTE USB Dongle,...
[Security Nation] How Robert Black Wards Off Cyber-Attackers with Deception Techniques
!\Security Nation\ How Robert Black Wards Off Cyber-Attackers with Deception Techniqueshttps://blog.rapid7.com/content/images/2021/05/securitynationlogo-2.jpg In our latest episode of Security Nation, we talk with Robert Black, Deputy Director of the UK National Cyber Deception Lab, about his wor...
keycloak: Internationalized domain name (IDN) homograph attack to impersonate users
A flaw was found in keycloak, where IDN homograph attacks are possible. This flaw allows a malicious user to register a name that already exists and then tricking an admin to grant extra privileges. The highest threat from this vulnerability is to integrity...
Kaspersky: Several domains on kaspersky.com are vulnerable to Web Cache Deception attack
Reported security issue allowed a potential attacker to steal potentially sensitive information of users of a website, because multiple subdomains of the Kaspersky domain were vulnerable to web cache deception attack. In this scenario the user needs to open a phishing link in a web browser. The...
Injecting Deception Mid-Pandemic: Covid-19 Vaccine Related Threats
We share some of our findings on malware, spam, phishing schemes, malicious websites, and illicit markets that use Covid-19 vaccines as a lure...
USN-4765-1 sleuthkit vulnerabilities
It was discovered that The Sleuth Kit did not properly handle certain entires in FAT file systems. An attacker could use this vulnerability to mislead an analyst and obscure their activities. This issue only affected Ubuntu 14.04 ESM. CVE-2012-5619 It was discovered that The Sleuth Kit mishandled...