638 matches found
Cyber Threats Targeting the US Government During the Democratic National Convention
Cyber Threats Targeting the US Government During the Democratic National Convention By Anne An · October 2, 2024 Introduction Trellix global sensors detected increased threat activities during the days that the Democratic National Convention DNC was held in August 2024, culminating into a massive...
Transportation Companies Hit by Cyberattacks Using Lumma Stealer and NetSupport Malware
Transportation and logistics companies in North America are the target of a new phishing campaign that delivers a variety of information stealers and remote access trojans RATs. The activity cluster, per Proofpoint, makes use of compromised legitimate email accounts belonging to transportation an...
Alisonic Sibylla
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/Low attack complexity Vendor: Alisonic Equipment: Sibylla Vulnerability: Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' 2. RISK EVALUATION Successful exploitation of this vulnerability...
OPW Fuel Management Systems SiteSentinel
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION : Exploitable remotely/low attack complexity Vendor : OPW Fuel Managements Systems Equipment : SiteSentinel Vulnerability : Missing Authentication For Critical Function 2. RISK EVALUATION Successful exploitation of this vulnerability could...
CVE-2024-44112
Due to missing authorization check in SAP for Oil & Gas Transportation and Distribution, an attacker authenticated as a non-administrative user could call a remote-enabled function which will allow them to delete non-sensitive entries in a user data table. There is no effect on confidentiality or...
CVE-2024-44112
Due to missing authorization check in SAP for Oil & Gas Transportation and Distribution, an attacker authenticated as a non-administrative user could call a remote-enabled function which will allow them to delete non-sensitive entries in a user data table. There is no effect on confidentiality or...
CVE-2024-44112 Missing Authorization check in SAP for Oil & Gas (Transportation and Distribution)
Due to missing authorization check in SAP for Oil & Gas Transportation and Distribution, an attacker authenticated as a non-administrative user could call a remote-enabled function which will allow them to delete non-sensitive entries in a user data table. There is no effect on confidentiality or...
CVE-2024-44112 Missing Authorization check in SAP for Oil & Gas (Transportation and Distribution)
Due to missing authorization check in SAP for Oil & Gas Transportation and Distribution, an attacker authenticated as a non-administrative user could call a remote-enabled function which will allow them to delete non-sensitive entries in a user data table. There is no effect on confidentiality or...
Unpatched AVTECH IP Camera Flaw Exploited by Hackers for Botnet Attacks
A years-old high-severity flaw impacting AVTECH IP cameras has been weaponized by malicious actors as a zero-day to rope them into a botnet. CVE-2024-7029 CVSS score: 8.7, the vulnerability in question, is a "command injection vulnerability found in the brightness function of AVTECH closed-circui...
CVE-2024-37171
SAP Transportation Management Collaboration Portal allows an attacker with non-administrative privileges to send a crafted request from a vulnerable web application. This will trigger the application handler to send a request to an unintended service, which may reveal information about that...
CVE-2024-37171 [CVE-2024-37171] Server-Side Request Forgery (SSRF) in SAP Transportation Management (Collaboration Portal)
SAP Transportation Management Collaboration Portal allows an attacker with non-administrative privileges to send a crafted request from a vulnerable web application. This will trigger the application handler to send a request to an unintended service, which may reveal information about that...
CVE-2024-37171 [CVE-2024-37171] Server-Side Request Forgery (SSRF) in SAP Transportation Management (Collaboration Portal)
SAP Transportation Management Collaboration Portal allows an attacker with non-administrative privileges to send a crafted request from a vulnerable web application. This will trigger the application handler to send a request to an unintended service, which may reveal information about that...
SAP Transportation Management Code Issue Vulnerability
SAP Transportation Management is an integrated transportation fleet and logistics management application from SAP, Germany, that helps organizations reduce complexity, increase efficiency and agility to build a more sustainable and risk-resilient supply chain. A code issue vulnerability exists in...
PT-2024-9896 · Sap · Sap Transportation Management
Name of the Vulnerable Software and Affected Versions: SAP Transportation Management Collaboration Portal affected versions not specified Description: The issue allows an attacker with non-administrative privileges to send a crafted request from a vulnerable web application, triggering the...
Cybercriminals Exploiting Microsoft's Quick Assist Feature in Ransomware Attacks
The Microsoft Threat Intelligence team said it has observed a threat actor it tracks under the name Storm-1811 abusing the client management tool Quick Assist to target users in social engineering attacks. "Storm-1811 is a financially motivated cybercriminal group known to deploy Black Basta...
alpitronic Hypercharger EV charger
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.3 ATTENTION: Exploitable remotely/Low attack complexity Vendor: alpitronic Equipment: Hypercharger EV charger Vulnerability: Use of Default Credentials 2. RISK EVALUATION Successful exploitation of this vulnerability could result in an attacker disabling...
Vulnerabilities fixed in Oracle Supply Chain products
Oracle has fixed vulnerabilities in several Supply Chain products. A malicious party could exploit the vulnerabilities to execute attacks that could result in the following categories of damage: Cross-Site Scripting XSS Denial-of-Service DoS. Manipulation of data Remote code execution User rights...
Trimble TM4Web 22.2.0 Privilege Escalation / Access Code Disclosure
CVE ID: CVE-2023-27195 Description: An access control issue in Trimble TM4Web v22.2.0 allows unauthenticated attackers to access a specific crafted URL path to retrieve the last registration access code and use this access code to register a valid account. If the access code was used to create an...
Trimble TM4Web 22.2.0 Privilege Escalation / Access Code Disclosure Vulnerability
An access control issue in Trimble TM4Web version 22.2.0 allows unauthenticated attackers to access a specific crafted URL path to retrieve the last registration access code and use this access code to register a valid account. If the access code was used to create an Administrator account,...
IOSIX IO-1020 Micro ELD
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.4 ATTENTION : Exploitable from adjacent network/Low attack complexity Vendor : IOSiX Equipment : IO-1020 Micro ELD Vulnerabilities : Use of Default Credentials, Download of Code Without Integrity Check 2. RISK EVALUATION Successful exploitation of these...