ScadaBR
ADVISORY SUMMARY Successful exploitation of these vulnerabilities could allow an attacker to perform unauthenticated remote code execution. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities. Minimize network...
Siemens RUGGEDCOM APE1808 Devices
SUMMARY Fortinet has published information on vulnerabilities in FORTIOS. This advisory lists the related Siemens Industrial products. Siemens has released a new version for RUGGEDCOM APE1808 and recommends to update to the latest version. 2. GENERAL RECOMMENDATIONS As a general security...
The vulnerability of FortiWeb web applications’ network firewalls, related to the lack of protective measures for SQL query structures, allows attackers to disclose protected information.
The vulnerability of FortiWeb web applications’ network firewalls is related to the lack of security measures for SQL query structures. Exploiting this vulnerability can allow a malicious actor to disclose protected information remotely...
Apache Kylin has Insufficiently Protected Credentials
In Apache Kylin version 2.0.0 to 4.0.3, there is a Server Config web interface that displays the content of file 'kylin.properties', which may contain server-side credentials. When the Kylin service runs over HTTP or other plain text protocol, it is possible for network sniffers to hijack the HTTP...
CVE-2023-29055
In Apache Kylin version 2.0.0 to 4.0.3, there is a Server Config web interface that displays the content of file 'kylin.properties', which may contain server-side credentials. When the Kylin service runs over HTTP or other plain text protocol, it is possible for network sniffers to hijack the HTTP...
Design/Logic Flaw
In Apache Kylin version 2.0.0 to 4.0.3, there is a Server Config web interface that displays the content of file 'kylin.properties', which may contain server-side credentials. When the Kylin service runs over HTTP or other plain text protocol, it is possible for network sniffers to hijack the HTTP...
CVE-2023-29055 Apache Kylin: Insufficiently protected credentials in config file
In Apache Kylin version 2.0.0 to 4.0.3, there is a Server Config web interface that displays the content of file 'kylin.properties', which may contain server-side credentials. When the Kylin service runs over HTTP or other plain text protocol, it is possible for network sniffers to hijack the HTTP...
The vulnerability of FortiWeb web applications’ network firewalls arises from improper processing of output data for registration logs, allowing attackers to replace the traffic logs.
The vulnerability of FortiWeb web applications’ network firewalls is related to improper processing of output data for registration logs. Exploiting this vulnerability allows a malicious actor to replace traffic logs through a specially created web page...
The vulnerability of FortiWeb web applications’ network firewalls, caused by buffer overflows in the stack, allows attackers to execute arbitrary code.
The vulnerability of FortiWeb web applications’ network firewalls is caused by buffer overflow on the stack. Exploiting this vulnerability allows a malicious actor to execute arbitrary code using specially created XML files...
The vulnerability of FortiWeb web applications’ network firewalls, related to the re-release of memory, allows attackers to execute arbitrary code.
The vulnerability of FortiWeb web applications’ network firewalls is related to the re-release of memory. Exploiting this vulnerability can allow an attacker to execute arbitrary code...
The vulnerability of FortiWeb web applications’ network firewalls, related to overflowing heap-based buffers, allows attackers to execute arbitrary code.
The vulnerability of FortiWeb web applications’ network firewalls is related to buffer overflow attacks. Exploiting this vulnerability can allow attackers to execute arbitrary code...
The vulnerability of FortiWeb web applications’ network firewalls, related to the lack of protection for service data, allows attackers to disclose the protected information.
The vulnerability of FortiWeb web applications’ network firewalls is related to the lack of protection for operational data. Exploiting this vulnerability can allow attackers to disclose protected information through a specially created HTTP request...
The vulnerability of FortiWeb web applications’ network firewalls, related to writing data beyond the buffer in memory, allows attackers to execute arbitrary code.
The vulnerability of FortiWeb web applications’ network firewalls is related to writing data beyond the buffer in memory. Exploiting this vulnerability allows a malicious actor to execute arbitrary code using a specially created request...
The vulnerability of FortiWeb web applications’ network firewalls, related to writing data beyond the buffer in memory, allows attackers to execute arbitrary code.
The vulnerability of FortiWeb web applications’ network firewalls is related to the writing of data beyond the buffer in memory. Exploiting this vulnerability allows a malicious actor to execute arbitrary code using a specially created HTTP request...
The vulnerability of Sophos’ web administration console for network firewalls allows attackers to execute arbitrary code.
The vulnerability of Sophos’ web administration console for network firewalls relates to the possibility of bypassing authentication. Exploiting this vulnerability allows a malicious actor operating remotely to execute arbitrary code...
New insights on cybersecurity in the age of hybrid work
As we approach the last week of Cybersecurity Awareness Month, I think about what is top of mind for myself and my peers in security. The past year has continued the 2020s major shift in the way organizations operate. Recent data shows that 81 percent of enterprise organizations have begun the mo...
The vulnerability of FortiWeb web applications’ network firewalls, related to the lack of protection for SQL query structures, allows attackers to execute arbitrary commands.
The vulnerability of FortiWeb web applications’ network firewalls is related to the lack of measures taken to protect the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands remotely by sending specially crafted SQL queries...
pfSense cross-site scripting vulnerability (CNVD-2021-33242)
pfSense is a set of network firewalls based on FreeBSD Linux. A cross-site scripting vulnerability exists in pfSense version 2.5.0, which stems from not sufficiently sanitizing user-supplied data passed to the serviceswoledit.php script via the Description field. An attacker could exploit this...