Lucene search
K

33 matches found

Vulnrichment
Vulnrichment
added 2023/04/19 12:0 a.m.8 views

CVE-2023-28123

A permission misconfiguration in UI Desktop for Windows Version 0.59.1.71 and earlier could allow an user to hijack VPN credentials while UID VPN is starting.This vulnerability is fixed in Version 0.62.3 and later...

5.4AI score0.00163EPSS
Exploits0References1
CNNVD
CNNVD
added 2023/04/19 12:0 a.m.5 views

UI Desktop 安全漏洞

UI Desktop is a desktop management software for the UI community. A security vulnerability exists in UI Desktop versions prior to 0.62.3 that stems from the presence of a permission misconfiguration, which can be exploited by an attacker to potentially hijack VPN credentials during UID VPN startu...

5.5CVSS5.8AI score0.00163EPSS
Exploits0References2
Malwarebytes
Malwarebytes
added 2023/03/07 1:0 a.m.14 views

Warning issued over Royal ransomware

As part of its StopRansomware effort, the Cybersecurity and Infrastructure Security Agency CISA has published a Cybersecurity Advisory CSA about Royal ransomware. Royal ransomware is a Ransomware-as-a-service Raas that first made an appearance in January 2022. In September of that year, it began...

0.4AI score
Exploits0
The Hacker News
The Hacker News
added 2022/09/01 10:3 a.m.23 views

Infra Used in Cisco Hack Also Targeted Workforce Management Solution

The attack infrastructure used to target Cisco in the May 2022 incident was also employed against an attempted compromise of an unnamed workforce management solutions holding company a month earlier in April 2022. Cybersecurity firm eSentire, which disclosed the findings, raised the possibility...

0.6AI score
Exploits0
OSV
OSV
added 2022/06/15 2:15 p.m.3 views

CVE-2022-20145

In startLegacyVpnPrivileged of Vpn.java, there is a possible way to retrieve VPN credentials due to a protocol downgrade attack. This could lead to remote escalation of privilege if a malicious Wi-Fi AP is used, with no additional execution privileges needed. User interaction is not needed for...

9.8CVSS5.9AI score0.06453EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2022/06/15 2:15 p.m.6 views

CVE-2022-20145

In startLegacyVpnPrivileged of Vpn.java, there is a possible way to retrieve VPN credentials due to a protocol downgrade attack. This could lead to remote escalation of privilege if a malicious Wi-Fi AP is used, with no additional execution privileges needed. User interaction is not needed for...

10CVSS7.4AI score0.06453EPSS
Exploits0References2
CVE
CVE
added 2022/06/15 1:2 p.m.195 views

CVE-2022-20145

Android CVE-2022-20145 exposes VPN credentials via a downgrade in Vpn.java: startLegacyVpnPrivileged in Android 11, enabling remote privilege escalation when connected to a malicious Wi‑Fi AP and requiring no user interaction. Affected product: Android (Android-11) framework component; vulnerabil...

10CVSS9.1AI score0.06453EPSS
Exploits0References1Affected Software1
The Hacker News
The Hacker News
added 2022/05/30 5:50 a.m.19 views

FBI Warns About Hackers Selling VPN Credentials for U.S. College Networks

Network credentials and virtual private network VPN access for colleges and universities based in the U.S. are being advertised for sale on underground and public criminal marketplaces. "This exposure of sensitive credential and network access information, especially privileged user accounts, cou...

2AI score
Exploits0
The Hacker News
The Hacker News
added 2022/04/23 6:20 a.m.28 views

T-Mobile Admits Lapsus$ Hackers Gained Access to its Internal Tools and Source Code

Telecom company T-Mobile on Friday confirmed that it was the victim of a security breach in March after the LAPSUS$ mercenary gang managed to gain access to its networks. The acknowledgment came after investigative journalist Brian Krebs shared internal chats belonging to the core members of the...

0.6AI score
Exploits0
Malwarebytes
Malwarebytes
added 2022/04/11 2:14 p.m.25 views

Credential-stealing malware disguises itself as Telegram, targets social media users

A credential-stealing Windows-based malware, Spyware.FFDroider, is after social media credentials and cookies, according to researchers at ThreatLabz. The version analyzed by the researchers was packed with Aspack. The spyware is offered on download sites pretending to be installers for freeware...

0.7AI score
Exploits0
Positive Technologies
Positive Technologies
added 2021/09/24 12:0 a.m.7 views

PT-2021-13733 · Sma100 · Sma100

Name of the Vulnerable Software and Affected Versions: SonicWall SMA 100 series appliances SonicWall SMA 200 SonicWall SMA 210 SonicWall SMA 400 SonicWall SMA 410 SonicWall SMA 500v versions prior to the fixed version Description: A command injection vulnerability exists in the web management...

9CVSS8.7AI score0.0389EPSS
Exploits0References61
Packet Storm
Packet Storm
added 2015/01/29 12:0 a.m.59 views

Fortinet FortiClient Hardcoded Encryption Keys / Broken SSL Validation

, , . '.' '. ', . , '. , .', , / / / \ \ ==/ /\ \ / / \ / \ / / | \ \ Y Y \ / /| / \ /||| / / /.-. / /:wq x.0 '=.|w|.=' =''"''=. presents.. Fortinet FortiClient Multiple Vulnerabilities Affected Versions: Verified on FortiClient iOS v5.2.028 and FortiClient Android 5.2.3.091 PDF:...

7.4AI score
Exploits0
The Hacker News
The Hacker News
added 2012/08/16 9:29 p.m.6 views

Airport VPN hacked using Citadel malware

It sounds like an air traveler's nightmare, Researchers at Trusteer recently uncovered a variant of the Citadel Trojan targeting the virtual private network VPN credentials used by employees at a major airport.The firm would not disclose the name of the airport because the situation is being...

7.2AI score
Exploits0
Rows per page
Query Builder