56 matches found
CVE-2025-25268
An unauthenticated adjacent attacker can modify configuration by sending specific requests to an API-endpoint resulting in read and write access due to missing authentication...
CVE-2025-3759
Endpoint /cgi-bin-igd/netcoreset.cgi which is used for changing device configuration is accessible without authentication. This poses a significant security threat allowing for e.g: administrator account hijacking or AP password changing. The vendor was contacted early about this disclosure but d...
CVE-2025-25297
Label Studio is an open source data labeling tool. Prior to version 1.16.0, Label Studio's S3 storage integration feature contains a Server-Side Request Forgery SSRF vulnerability in its endpoint configuration. When creating an S3 storage connection, the application allows users to specify a cust...
GHSA-M238-FMCW-WH58 Label Studio allows Server-Side Request Forgery in the S3 Storage Endpoint
Description Label Studio's S3 storage integration feature contains a Server-Side Request Forgery SSRF vulnerability in its endpoint configuration. When creating an S3 storage connection, the application allows users to specify a custom S3 endpoint URL via the s3endpoint parameter. This endpoint U...
Microsoft Endpoint Configuration Manager RCE (KB29166583)
The Microsoft Endpoint Configuration Manager application installed on the remote host is missing a security hotfix documented in KB29166583. It is, therefore, affected by a remote code execution vulnerability. Note that Nessus has not tested for this issue but has instead relied only on the...
Hughes WL3000 Fusion Software 安全漏洞
Hughes WL3000 Fusion Software is a hardware software system from Hughes Corporation, USA. A security vulnerability exists in Hughes WL3000 Fusion Software versions prior to 2.7.0.10 that originates from credentials used to access device configuration information stored unencrypted in flash memory...
CVE-2024-44960
In the Linux kernel, the following vulnerability has been resolved: usb: gadget: core: Check for unset descriptor Make sure the descriptor has been set before looking at maxpacket. This fixes a null pointer panic in this case. This may happen if the gadget doesn't properly set up the endpoint for...
CVE-2023-37197
A CWE-89: Improper Neutralization of Special Elements vulnerability used in an SQL Command 'SQL Injection' vulnerability exists that could allow a user already authenticated on DCE to access unauthorized content, change, or delete content, or perform unauthorized actions when tampering with the...
CVE-2023-37197
CVE-2023-37197 describes an SQL Injection in Schneider Electric StruxureWare/Data Center Expert (DCE). The vulnerability arises from improper neutralization of special elements in SQL commands, allowing an authenticated DCE user to access, modify, or delete content or perform unauthorized actions...
Schneider Electric StruxureWare Data Center Expert SQL注入漏洞
Schneider Electric StruxureWare Data Center Expert StruxureWare Data Center Management Expert is a monitoring software from the French company Schneider Electric Schneider Electric. Suitable for a variety of organizations to monitor their company-wide power, cooling, security, environment. A SQL...
PXEThief - Set Of Tooling That Can Extract Passwords From The Operating System Deployment Functionality In Microsoft Endpoint Configuration Manager
PXEThief is a set of tooling that implements attack paths discussed at the DEF CON 30 talk Pulling Passwords out of Configuration Manager https://forum.defcon.org/node/241925 against the Operating System Deployment functionality in Microsoft Endpoint Configuration Manager or ConfigMgr, still...
Threat hunting with MITRE ATT&CK and Wazuh
Threat hunting is the process of looking for malicious activity and its artifacts in a computer system or network. Threat hunting is carried out intermittently in an environment regardless of whether or not threats have been discovered by automated security solutions. Some threat actors may stay...
Microsoft Endpoint Configuration Manager Spoofing (KB15498768)
The Microsoft Endpoint Configuration Manager application installed on the remote host is missing a security hotfix documented in KB15498768. It is, therefore, affected by a spoofing vulnerability. Under some conditions, clients will fallback to NTLM authentication even if NTLM authentication is...
The vulnerability of the Microsoft Endpoint Configuration Manager software for managing network devices allows a hacker to execute a spear-phishing attack and gain access to sensitive information, due to errors during the authentication process using Kerberos with NTLM.
The vulnerability of the Microsoft Endpoint Configuration Manager software for managing network devices is related to errors that occur during the authentication process using Kerberos and NTLM. Exploiting this vulnerability allows an attacker to execute a spear-phishing attack and gain access to...
Microsoft Releases Out-of-Band Security Update for Microsoft Endpoint Configuration Manager
Microsoft has released a security update to address a vulnerability in Microsoft Endpoint Configuration Manager, versions 2103-2207. An attacker could exploit this vulnerability to obtain sensitive information. The Cybersecurity and Infrastructure Security Agency CISA encourages users and...
CVE-2022-37972
Microsoft Endpoint Configuration Manager Spoofing Vulnerability...
CVE-2022-37972
Microsoft Endpoint Configuration Manager Spoofing Vulnerability...
Microsoft Endpoint Configuration Manager Spoofing Vulnerability
...
PT-2022-4838 · Microsoft · Endpoint Configuration Manager
Name of the Vulnerable Software and Affected Versions: Microsoft Endpoint Configuration Manager affected versions not specified Description: The issue is related to errors in the authentication process using Kerberos with NTLM. Exploitation of this issue may allow a remote attacker to conduct a...
Microsoft Endpoint Configuration Manager 安全漏洞
Microsoft Endpoint Configuration Manager is a local management solution from Microsoft. It is used to manage networked or Internet-based desktops, servers, and laptops. A security vulnerability exists in Microsoft Endpoint Configuration Manager, which can be exploited by an attacker to gain acces...