Lucene search
K

719 matches found

Tenable Nessus
Tenable Nessus
added 2025/08/18 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2019-19191

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Shibboleth Service Provider SP 3.x before 3.1.0 shipped a spec file that calls chown on files in a directory controlled by the service user the shibd account...

7.8CVSS7.4AI score0.0048EPSS
Exploits1References2
Packet Storm News
Packet Storm News
added 2025/08/13 12:0 a.m.7 views

Social-Sensor Identity Cloning Detection Using Weakly Supervised Deep Forest and Cryptographic Authentication

Recent years have witnessed a rising trend in social-sensor cloud identity cloning incidents. However, existing approaches suffer from unsatisfactory performance, a lack of solutions for detecting duplicated accounts, and a lack of large-scale evaluations on real-world datasets. We introduce a...

7.1AI score
Exploits0
Microsoft Secure
Microsoft Secure
added 2025/07/31 4:0 p.m.49 views

Frozen in transit: Secret Blizzard’s AiTM campaign against diplomats

Microsoft Threat Intelligence has uncovered a cyberespionage campaign by the Russian state actor we track as Secret Blizzard that has been targeting embassies located in Moscow using an adversary-in-the-middle AiTM position to deploy their custom ApolloShadow malware. ApolloShadow has the...

7.8AI score
Exploits0
Veeam
Veeam
added 2025/07/08 12:0 a.m.24 views

How to Register a Service Provider’s Veeam Data Cloud Vault on a Tenant's VBR Server

Legacy Functionality This article explains a method relevant only to Veeam Backup& Replication 13.0.1.1071 and older. Starting in Veeam Backup & Replication 13.0.1.2067, the backup server authorization now communicates directly with Veeam Data Cloud VDC, removing the need to be a License Admin...

5.7AI score
Exploits0Affected Software1
The Hacker News
The Hacker News
added 2025/05/29 10:34 a.m.20 views

DragonForce Exploits SimpleHelp Flaws to Deploy Ransomware Across Customer Endpoints

The threat actors behind the DragonForce ransomware gained access to an unnamed Managed Service Provider's MSP SimpleHelp remote monitoring and management RMM tool, and then leveraged it to exfiltrate data and drop the locker on multiple endpoints. It's believed that the attackers exploited a tri...

9.9CVSS7.4AI score0.95151EPSS
Exploits2
RedhatCVE
RedhatCVE
added 2025/05/23 6:47 a.m.5 views

CVE-2024-45206

A vulnerability in Veeam Service Provider Console has been identified, which allows to perform arbitrary HTTP requests to arbitrary hosts of the network and get information about internal resources...

6.5CVSS6.7AI score0.00242EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 6:6 a.m.4 views

CVE-2023-3119

A vulnerability, which was classified as critical, has been found in SourceCodester Service Provider Management System 1.0. Affected by this issue is some unknown functionality of the file view.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. T...

8.8CVSS7.9AI score0.00734EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 5:53 a.m.6 views

CVE-2023-22947

Insecure folder permissions in the Windows installation path of Shibboleth Service Provider SP before 3.4.1 allow an unprivileged local attacker to escalate privileges to SYSTEM via DLL planting in the service executable's folder. This occurs because the installation goes under C:\opt rather than...

7.3CVSS6.8AI score0.00309EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 3:56 a.m.8 views

CVE-2023-34581

Sourcecodester Service Provider Management System v1.0 is vulnerable to SQL Injection via the ID parameter in /php-spms/?page=services/view=2...

9.8CVSS8AI score0.03282EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/05/23 3:18 a.m.6 views

CVE-2023-2349

A vulnerability classified as problematic has been found in SourceCodester Service Provider Management System 1.0. Affected is an unknown function of the file /admin/index.php. The manipulation of the argument page leads to cross site scripting. It is possible to launch the attack remotely. The...

5.4CVSS6.1AI score0.00564EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 3:18 a.m.7 views

CVE-2023-2345

A vulnerability was found in SourceCodester Service Provider Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /classes/Master.php?f=deleteinquiry. The manipulation leads to improper authorization. The attack may be launched remotel...

9.8CVSS7.6AI score0.00511EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 3:17 a.m.6 views

CVE-2023-2347

A vulnerability was found in SourceCodester Service Provider Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /admin/services/manageservice.php. The manipulation of the argument id leads to sql injection. The attack can be initiated...

9.8CVSS8.1AI score0.0082EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 3:16 a.m.8 views

CVE-2023-22964

Zoho ManageEngine ServiceDesk Plus MSP before 10611, and 13x before 13004, is vulnerable to authentication bypass when LDAP authentication is enabled...

9.1CVSS7.2AI score0.02448EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 2:12 a.m.8 views

CVE-2023-3644

A vulnerability was found in SourceCodester Service Provider Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /classes/Master.php?f=saveinquiry. The manipulation of the argument id leads to sql injection. The attack can be initiated...

9.8CVSS7.7AI score0.00418EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 1:48 a.m.8 views

CVE-2023-2344

A vulnerability has been found in SourceCodester Service Provider Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /classes/Master.php?f=saveservice of the component HTTP POST Request Handler. The manipulation of the argument...

9.8CVSS7.5AI score0.00834EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 6:22 p.m.13 views

CVE-2021-22927

A session fixation vulnerability exists in Citrix ADC and Citrix Gateway 13.0-82.45 when configured SAML service provider that could allow an attacker to hijack a session...

8.1CVSS6.8AI score0.00838EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 5:13 p.m.7 views

CVE-2020-8300

Citrix ADC and Citrix/NetScaler Gateway before 13.0-82.41, 12.1-62.23, 11.1-65.20 and Citrix ADC 12.1-FIPS before 12.1-55.238 suffer from improper access control allowing SAML authentication hijack through a phishing attack to steal a valid user session. Note that Citrix ADC or Citrix Gateway mus...

6.5CVSS7AI score0.0301EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:9 a.m.4 views

CVE-2019-19191

Shibboleth Service Provider SP 3.x before 3.1.0 shipped a spec file that calls chown on files in a directory controlled by the service user the shibd account after installation. This allows the user to escalate to root by pointing symlinks to files such as /etc/shadow...

7.8CVSS6.9AI score0.0048EPSS
Exploits1References1
The Hacker News
The Hacker News
added 2025/04/02 11:25 a.m.21 views

Helping Your Clients Achieve NIST Compliance: A Step by Step Guide for Service Providers

Introduction As the cybersecurity landscape evolves, service providers play an increasingly vital role in safeguarding sensitive data and maintaining compliance with industry regulations. The National Institute of Standards and Technology NIST offers a comprehensive set of frameworks that provide...

7.2AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2025/03/14 12:0 a.m.15 views

FreeBSD : shibboleth-sp -- Parameter manipulation allows the forging of signed SAML messages (0b43fac4-005d-11f0-a540-6cc21735f730)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 0b43fac4-005d-11f0-a540-6cc21735f730 advisory. The Shibboleth Project reports: An updated version of the OpenSAML C++ library is available which...

6AI score
Exploits0References2
Rows per page
Query Builder