Lucene search
K

663 matches found

Cvelist
Cvelist
added 2021/06/25 11:44 a.m.15 views

CVE-2021-35047 Privileged Command Injection Vulnerability in Fidelis Network and Deception

Vulnerability in the CommandPost, Collector, and Sensor components of Fidelis Network and Deception enables an attacker with user level access to the CLI to inject root level commands into the component and neighboring Fidelis components. The vulnerability is present in Fidelis Network and...

9.9CVSS9.6AI score0.01638EPSS
Exploits1References2
CVE
CVE
added 2021/06/25 11:44 a.m.50 views

CVE-2021-35047

CVE-2021-35047 affects Fidelis Network and Deception, specifically the CommandPost, Collector, and Sensor components. The root cause is a privileged command injection vulnerability that allows an attacker with user-level CLI access to inject root-level commands into the component and neighboring ...

9.9CVSS8.8AI score0.01638EPSS
Exploits1References2Affected Software2
Cvelist
Cvelist
added 2021/06/25 11:44 a.m.19 views

CVE-2021-35048 Unauthenticated SQL Injection Vulnerability in Fidelis Network and Deception

Vulnerability in Fidelis Network and Deception CommandPost enables unauthenticated SQL injection through the web interface. The vulnerability could lead to exposure of authentication tokens in some versions of Fidelis software. The vulnerability is present in Fidelis Network and Deception version...

9.8CVSS10AI score0.01292EPSS
Exploits1References2
CVE
CVE
added 2021/06/25 11:44 a.m.54 views

CVE-2021-35048

CVE-2021-35048 affects Fidelis Network and Deception CommandPost, allowing unauthenticated SQL injection via the web interface. Affected: Fidelis Network and Deception versions prior to 9.3.7 and version 9.4. The flaw can lead to exposure of authentication tokens. Patches/updates exist to address...

9.8CVSS10AI score0.01292EPSS
Exploits1References2Affected Software2
CNNVD
CNNVD
added 2021/06/25 12:0 a.m.4 views

Fidelis Network 安全漏洞

Fidelis Network Deception is a security product from Fidelis USA. It is used to detect threats and prevent data loss with features such as detecting malicious behavior, identifying traffic anomalies, and automatically responding to advanced threats. A security vulnerability exists in Fidelis...

7.5CVSS5.6AI score0.01033EPSS
Exploits1References2
CNNVD
CNNVD
added 2021/06/25 12:0 a.m.4 views

Fidelis Network Deception 操作系统命令注入漏洞

Fidelis Network Deception is a security product from Fidelis USA. It is used to detect threats and prevent data loss with features such as detecting malicious behavior, identifying traffic anomalies, and automatically responding to advanced threats. A security vulnerability exists in Fidelis...

9.9CVSS5.9AI score0.04615EPSS
Exploits1References2
CNNVD
CNNVD
added 2021/06/25 12:0 a.m.5 views

Fidelis Network Deception SQL注入漏洞

Fidelis Network Deception is a security product from Fidelis USA. It is used to detect threats and prevent data loss with features such as detecting malicious behavior, identifying traffic anomalies, and automatically responding to advanced threats. Fidelis Network suffers from a SQL injection...

9.8CVSS5.9AI score0.01292EPSS
Exploits1References2
CNNVD
CNNVD
added 2021/06/25 12:0 a.m.5 views

Fidelis Network Deception 操作系统命令注入漏洞

Fidelis Network Deception is a security product from Fidelis USA. It is used to detect threats and prevent data loss with features such as detecting malicious behavior, identifying traffic anomalies, and automatically responding to advanced threats. Fidelis Network Deception has a security...

9.9CVSS5.6AI score0.01638EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2021/06/25 12:0 a.m.4 views

PT-2021-20812 · Fidelis · Fidelis Network/Deception

Name of the Vulnerable Software and Affected Versions: Fidelis Network and Deception versions prior to 9.3.7 Fidelis Network and Deception version 9.4 Description: The issue allows authenticated command injection through the web interface, enabling a specially crafted HTTP request to execute syst...

9.9CVSS9.5AI score0.04615EPSS
Exploits1References4
Hacker One
Hacker One
added 2021/06/21 7:3 a.m.90 views

Urban Company: Broken Link on Urban Company's Vulnerability Submission Form

Summary: - Urban Company has an unclaimed broken link on their HackerOne security page which can be claimed by any malicious user. And then later the malicious user can exploit this issue to deceive new researchers to submit their legitimate findings to the wrong hands. Steps To Reproduce: 1.Visi...

0.3AI score
Exploits0
The Hacker News
The Hacker News
added 2021/06/18 6:33 a.m.45 views

[eBook] 7 Signs You Might Need a New Detection and Response Tool

It's natural to get complacent with the status quo when things seem to be working. The familiar is comfortable, and even if something better comes along, it brings with it many unknowns. In cybersecurity, this tendency is countered by the fast pace of innovation and how quickly technology becomes...

7AI score
Exploits0
Trend Micro Simply Security
Trend Micro Simply Security
added 2021/06/18 12:0 a.m.13 views

Fake DarkSide Campaign Targets Energy and Food Sectors

Threat actors behind a recent campaign pose as DarkSide in a bid to deceive targets into paying ransom...

6.9AI score
Exploits0
Hacker One
Hacker One
added 2021/06/13 7:54 a.m.8 views

Ping Identity: Broken Link on Ping Identity's Vulnerability Submission Form on Hackerone

Summary: Ping Identity has an unclaimed broken link on their HackerOne security page which can be claimed by any malicious user, who could then exploit this issue with clever social engineering to deceive new researchers to submit their legitimate findings to the wrong hands. Similar to this...

0.6AI score
Exploits0
CNVD
CNVD
added 2021/06/09 12:0 a.m.8 views

Microsoft SharePoint Server Spoofing Vulnerability (CNVD-2021-41123)

Microsoft SharePoint is an enterprise business collaboration platform from Microsoft. The platform is used to consolidate business information and enable sharing of work, collaborating with others, organizing projects and workgroups, and searching for people and information. A spoofing...

8.1CVSS6.4AI score0.01287EPSS
Exploits0References1
CNNVD
CNNVD
added 2021/06/02 12:0 a.m.5 views

华为 LTE USB Dongle 安全漏洞

Huawei LTE USB Dongle is a combination of hardware and software encryption product from Huawei China that plugs into the parallel port of the computer. It protects source code and algorithms from unauthorized use or against piracy threats. A security vulnerability exists in Huawei LTE USB Dongle,...

6.5CVSS6.7AI score0.00175EPSS
Exploits0References2
Rapid7 Blog
Rapid7 Blog
added 2021/05/26 7:58 p.m.33 views

[Security Nation] How Robert Black Wards Off Cyber-Attackers with Deception Techniques

!\Security Nation\ How Robert Black Wards Off Cyber-Attackers with Deception Techniqueshttps://blog.rapid7.com/content/images/2021/05/securitynationlogo-2.jpg In our latest episode of Security Nation, we talk with Robert Black, Deputy Director of the UK National Cyber Deception Lab, about his wor...

1.1AI score
Exploits0
RedHat Linux
RedHat Linux
added 2021/05/20 12:46 p.m.3 views

keycloak: Internationalized domain name (IDN) homograph attack to impersonate users

A flaw was found in keycloak, where IDN homograph attacks are possible. This flaw allows a malicious user to register a name that already exists and then tricking an admin to grant extra privileges. The highest threat from this vulnerability is to integrity...

5.3CVSS5.7AI score0.00774EPSS
Exploits0References5
Hacker One
Hacker One
added 2021/05/05 4:15 p.m.89 views

Kaspersky: Several domains on kaspersky.com are vulnerable to Web Cache Deception attack

Reported security issue allowed a potential attacker to steal potentially sensitive information of users of a website, because multiple subdomains of the Kaspersky domain were vulnerable to web cache deception attack. In this scenario the user needs to open a phishing link in a web browser. The...

3.8AI score
Exploits0
Trend Micro Simply Security
Trend Micro Simply Security
added 2021/03/31 12:0 a.m.8 views

Injecting Deception Mid-Pandemic: Covid-19 Vaccine Related Threats

We share some of our findings on malware, spam, phishing schemes, malicious websites, and illicit markets that use Covid-19 vaccines as a lure...

2AI score
Exploits0
OSV
OSV
added 2021/03/15 8:4 p.m.1 views

USN-4765-1 sleuthkit vulnerabilities

It was discovered that The Sleuth Kit did not properly handle certain entires in FAT file systems. An attacker could use this vulnerability to mislead an analyst and obscure their activities. This issue only affected Ubuntu 14.04 ESM. CVE-2012-5619 It was discovered that The Sleuth Kit mishandled...

5.5CVSS7.2AI score0.00744EPSS
Exploits1References3
Rows per page
Query Builder