Lucene search
K

19630 matches found

The Hacker News
The Hacker News
added 2024/07/29 4:56 a.m.30 views

Gh0st RAT Trojan Targets Chinese Windows Users via Fake Chrome Site

The remote access trojan known as Gh0st RAT has been observed being delivered by an "evasive dropper" called Gh0stGambit as part of a drive-by download scheme targeting Chinese-speaking Windows users. These infections stem from a fake website "chrome-web.com" serving malicious installer packages...

8AI score
Exploits0
NVD
NVD
added 2024/07/29 4:15 a.m.21 views

CVE-2024-7181

A vulnerability classified as critical was found in TOTOLINK A3600R 4.1.2cu.5182B20201102. This vulnerability affects the function setTelnetCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument telnetenabled leads to command injection. The attack can be initiated remotely. The...

8.8CVSS0.03086EPSS
Exploits1References4
OSV
OSV
added 2024/07/29 4:15 a.m.4 views

CVE-2024-7181

A vulnerability classified as critical was found in TOTOLINK A3600R 4.1.2cu.5182B20201102. This vulnerability affects the function setTelnetCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument telnetenabled leads to command injection. The attack can be initiated remotely. The...

8.8CVSS6.3AI score0.03086EPSS
Exploits1References4
OSV
OSV
added 2024/07/29 1:15 a.m.5 views

CVE-2024-7175

A vulnerability has been found in TOTOLINK A3600R 4.1.2cu.5182B20201102 and classified as critical. This vulnerability affects the function setDiagnosisCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument ipDoamin leads to os command injection. The attack can be initiated...

8.8CVSS5.6AI score0.03086EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2024/07/29 12:0 a.m.5 views

PT-2024-38137 · Totolink · Totolink A3600R

Name of the Vulnerable Software and Affected Versions: TOTOLINK A3600R version 4.1.2cu.5182 B20201102 Description: A critical issue has been found that affects the function setDiagnosisCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument ipDoamin leads to os command injection...

8.8CVSS7AI score0.03086EPSS
Exploits1References8
BDU FSTEC
BDU FSTEC
added 2024/07/29 12:0 a.m.4 views

The vulnerability of the Gogs self-managed Git repository creation software lies in improper code generation management, allowing attackers to execute arbitrary commands.

The vulnerability of the Gogs self-managed Git repository creation software is related to improper code generation management. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands remotely...

9.9CVSS6.2AI score0.1718EPSS
Exploits1References5Affected Software1
OSV
OSV
added 2024/07/28 2:15 p.m.3 views

CVE-2024-7158

A vulnerability was found in TOTOLINK A3100R 4.1.2cu.5050B20200504. It has been declared as critical. This vulnerability affects the function setTelnetCfg of the file /cgi-bin/cstecgi.cgi of the component HTTP POST Request Handler. The manipulation of the argument telnetenabled leads to command...

8.8CVSS5.7AI score0.03086EPSS
Exploits1References4
CVE
CVE
added 2024/07/28 1:31 p.m.56 views

CVE-2024-7158

CVE-2024-7158 affects TOTOLINK A3100R (v4.1.2cu.5050_B20200504). The vulnerability is in the HTTP POST Request Handler’s setTelnetCfg function (/cgi-bin/cstecgi.cgi): manipulation of the telnet_enabled argument enables command injection. Impact is remote exploitation with potential high severity ...

8.8CVSS7AI score0.03086EPSS
Exploits1References4Affected Software1
Positive Technologies
Positive Technologies
added 2024/07/28 12:0 a.m.6 views

PT-2024-38120 · Totolink · Totolink A3100R

Name of the Vulnerable Software and Affected Versions: TOTOLINK A3100R version 4.1.2cu.5050 B20200504 Description: A critical issue affects the function setTelnetCfg of the file /cgi-bin/cstecgi.cgi in the HTTP POST Request Handler component. The manipulation of the telnet enabled argument leads ...

8.8CVSS7AI score0.03086EPSS
Exploits1References8
The Hacker News
The Hacker News
added 2024/07/26 6:19 a.m.22 views

Ongoing Cyberattack Targets Exposed Selenium Grid Services for Crypto Mining

Cybersecurity researchers are sounding the alarm over an ongoing campaign that's leveraging internet-exposed Selenium Grid services for illicit cryptocurrency mining. Cloud security firm Wiz is tracking the activity under the name SeleniumGreed. The campaign, which is targeting older versions of...

8.3AI score
Exploits0
OSV
OSV
added 2024/07/26 5:15 a.m.5 views

CVE-2024-7120

A vulnerability, which was classified as critical, was found in Raisecom MSG1200, MSG2100E, MSG2200 and MSG2300 3.90. This affects an unknown part of the file listbaseconfig.php of the component Web Interface. The manipulation of the argument template leads to os command injection. It is possible...

9.8CVSS5.5AI score
Exploits0References4
CNVD
CNVD
added 2024/07/25 12:0 a.m.18 views

SQL Injection Vulnerability in FineReport of SailSoft Software Limited (CNVD-2024-33679)

FineReport is reporting software tool. SQL injection vulnerability exists in FineReport of SailSoft Software Ltd. The vulnerability is due to the existence of unauthorized sql injection in the /view/ReportServer interface, which can be exploited by an attacker to write to a file using sql...

8.4AI score
Exploits0References1
OSV
OSV
added 2024/07/24 2:15 p.m.2 views

CVE-2023-45249

Remote command execution due to use of default passwords. The following products are affected: Acronis Cyber Infrastructure ACI before build 5.0.1-61, Acronis Cyber Infrastructure ACI before build 5.1.1-71, Acronis Cyber Infrastructure ACI before build 5.2.1-69, Acronis Cyber Infrastructure ACI...

9.8CVSS5.9AI score0.53535EPSS
Exploits3References3
NVD
NVD
added 2024/07/24 2:15 p.m.32 views

CVE-2023-45249

Remote command execution due to use of default passwords. The following products are affected: Acronis Cyber Infrastructure ACI before build 5.0.1-61, Acronis Cyber Infrastructure ACI before build 5.1.1-71, Acronis Cyber Infrastructure ACI before build 5.2.1-69, Acronis Cyber Infrastructure ACI...

9.8CVSS0.53535EPSS
Exploits3References3
Vulnrichment
Vulnrichment
added 2024/07/24 2:3 p.m.38 views

CVE-2023-45249

Remote command execution due to use of default passwords. The following products are affected: Acronis Cyber Infrastructure ACI before build 5.0.1-61, Acronis Cyber Infrastructure ACI before build 5.1.1-71, Acronis Cyber Infrastructure ACI before build 5.2.1-69, Acronis Cyber Infrastructure ACI...

9.8CVSS7.5AI score0.53535EPSS
Exploits3References2
Cvelist
Cvelist
added 2024/07/24 2:3 p.m.63 views

CVE-2023-45249

Remote command execution due to use of default passwords. The following products are affected: Acronis Cyber Infrastructure ACI before build 5.0.1-61, Acronis Cyber Infrastructure ACI before build 5.1.1-71, Acronis Cyber Infrastructure ACI before build 5.2.1-69, Acronis Cyber Infrastructure ACI...

9.8CVSS0.53535EPSS
Exploits3References2
CVE
CVE
added 2024/07/24 2:3 p.m.300 views

CVE-2023-45249

CVE-2023-45249 affects Acronis Cyber Infrastructure (ACI) prior to builds 5.0.1-61, 5.1.1-71, 5.2.1-69, 5.3.1-53, and 5.4.4-132.** The vulnerability is a remote command execution caused by the use of default passwords, enabling an attacker to gain administrative access via the ACI Web Portal and ...

9.8CVSS7.3AI score0.53535EPSS
In wildExploits3References3Affected Software1
VulnCheck KEV
VulnCheck KEV
added 2024/07/24 12:0 a.m.3 views

VulnCheck KEV: CVE-2023-45249

Acronis Cyber Infrastructure ACI allows an unauthenticated user to execute commands remotely due to the use of default passwords...

9.8CVSS5.9AI score0.53535EPSS
Exploits3References1
Positive Technologies
Positive Technologies
added 2024/07/24 12:0 a.m.5 views

PT-2024-29287 · Hewlett Packard · Hpe Aruba Networking Edgeconnect Sd-Wan Gateway

Name of the Vulnerable Software and Affected Versions: HPE Aruba Networking EdgeConnect SD-WAN gateway affected versions not specified Description: A vulnerability exists in the Command Line Interface of the HPE Aruba Networking EdgeConnect SD-WAN gateway, allowing remote authenticated users to r...

7.2CVSS7.2AI score0.00682EPSS
Exploits0References3
CNNVD
CNNVD
added 2024/07/24 12:0 a.m.3 views

Hewlett Packard Enterprise EdgeConnect SD-WAN 安全漏洞

Hewlett Packard Enterprise EdgeConnect SD-WAN is Hewlett Packard Enterprise's secure network foundation for Zero Trust and SASE. It includes best-in-class SD-WAN and next-generation firewalls that deliver unrivaled quality of experience and advanced security. A security vulnerability exists in...

7.2CVSS7.1AI score0.00682EPSS
Exploits0References2
Rows per page
Query Builder