Lucene search
K

216 matches found

hivepro
hivepro
added 2023/05/30 11:16 a.m.29 views

A New RAT Named GobRAT Targeting Linux Routers in Japan

Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary GobRAT, a new RAT, is infecting Linux routers in Japan through vulnerable web interfaces, granting attackers remote control and the ability to execute commands. To receive real-time threat advisories,...

7.2AI score
Exploits0
ATTACKERKB
ATTACKERKB
added 2023/04/05 11:0 p.m.2 views

CVE-2023-20130

Multiple vulnerabilities in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager EPNM could allow a remote attacker to obtain privileged information and conduct cross-site scripting XSS and cross-site request forgery CSRF attacks. For mor...

6.5CVSS6.6AI score0.00382EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2023/04/05 11:0 p.m.1 views

CVE-2023-20131

Multiple vulnerabilities in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager EPNM could allow a remote attacker to obtain privileged information and conduct cross-site scripting XSS and cross-site request forgery CSRF attacks. For mor...

6.5CVSS6.1AI score0.00573EPSS
Exploits0References2
BDU FSTEC
BDU FSTEC
added 2023/04/04 12:0 a.m.6 views

The vulnerability in the web interface of the Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager management systems allows a attacker to execute XSS attacks.

The vulnerability in the web interface for managing monitoring and control systems of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager exists due to the lack of protective measures for the web page structure. Exploiting this vulnerability allows a malicious actor to carry...

5.4CVSS5.8AI score0.0045EPSS
Exploits0References3Affected Software2
BDU FSTEC
BDU FSTEC
added 2023/03/11 12:0 a.m.6 views

The vulnerability in the web interface for controlling Siemens SCALANCE industrial switches allows a hacker to execute arbitrary code.

The vulnerability in the web interface for controlling Siemens SCALANCE microprogrammable industrial controllers exists due to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

6.4CVSS6.7AI score0.00545EPSS
Exploits0References4Affected Software3
BDU FSTEC
BDU FSTEC
added 2023/03/07 12:0 a.m.7 views

The vulnerability in the web interface for managing microprogrammed software in Cisco IP Phones 6800, Cisco IP Phone 7800, and Cisco IP Phone 8800 allows a perpetrator to cause a service failure.

The vulnerability of the web-based management interfaces for Cisco IP Phones 6800, 7800, and 8800 is related to the possibility of executing commands. Exploiting this vulnerability could allow a malicious actor to cause service interruptions...

7.8CVSS7.5AI score0.10314EPSS
Exploits0References2
BDU FSTEC
BDU FSTEC
added 2023/02/03 12:0 a.m.8 views

The vulnerability of the web-based management interfaces for Cisco Small Business RV160, RV160W, RV260, RV260P, and RV260W microprogramming software VPN routers lies in insufficient cleaning of special elements in the output data used by the incoming component. This allows a malicious actor to execute arbitrary commands.

The vulnerability of the web-based management interfaces for Cisco Small Business RV160, RV160W, RV260, RV260P, and RV260W microprogramming systems lies in insufficient cleaning of special elements in the output data used by the incoming component. Exploiting this vulnerability allows a remote...

8.3CVSS7.5AI score0.00964EPSS
Exploits0References4
OSV
OSV
added 2022/10/07 6:15 p.m.5 views

CVE-2022-37890

Unauthenticated buffer overflow vulnerabilities exist within the Aruba InstantOS and ArubaOS 10 web management interface. Successful exploitation results in the execution of arbitrary commands on the underlying operating system of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS...

9.8CVSS6.3AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 2022/09/23 12:0 a.m.5 views

PT-2022-25428 · Unknown · Tacitine Firewall +2

Name of the Vulnerable Software and Affected Versions: Tacitine Firewall versions 19.1.1 through 22.20.1 EN6200-PRIME QUAD-35 versions 19.1.1 through 22.20.1 EN6200-PRIME QUAD-100 versions 19.1.1 through 22.20.1 Description: This issue is due to improper session management in the Tacitine Firewal...

9.8CVSS9.3AI score0.00883EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2022/08/22 12:0 a.m.4 views

PT-2022-22327 · Tabit · Tabit

Name of the Vulnerable Software and Affected Versions: Tabit affected versions not specified Description: The issue concerns several APIs on the web system that display sensitive information without authorization, including health statements, previous bills in a specific restaurant, alcohol...

7.5CVSS7.4AI score0.00445EPSS
Exploits0References2
CNNVD
CNNVD
added 2022/08/22 12:0 a.m.9 views

GTAB Software Tabit 信息泄露漏洞

GTAB Software Tabit is a full-featured program from GTAB Software for creating, playing and printing fingerstyle scores for guitar, bass or banjo. GTAB Software Tabit suffers from an information disclosure vulnerability that stems from several APIs on its web system displaying unauthorized...

7.5CVSS7.3AI score0.00445EPSS
Exploits0References2
BDU FSTEC
BDU FSTEC
added 2022/08/08 12:0 a.m.7 views

The vulnerability of the web interfaces of Cisco Unified Communications Manager and Cisco Unified Communications Manager Session Management Edition allows a perpetrator to delete arbitrary files.

The vulnerability of the Cisco Unified Communications Manager and Cisco Unified Communications Manager Session Management Edition web interfaces is related to incorrect restrictions on the path name to the restricted directory. Exploiting this vulnerability could allow a malicious actor to delete...

6.8CVSS7.5AI score0.0109EPSS
Exploits0References2Affected Software2
BDU FSTEC
BDU FSTEC
added 2022/07/20 12:0 a.m.7 views

The vulnerability in the web interfaces of Cisco IOS and Cisco IOS XE systems allows a perpetrator to trigger a service failure or a device restart.

The vulnerability of Cisco IOS and Cisco IOS XE web interfaces is related to improper management of resources in the HTTP server code. Exploiting this vulnerability can allow a malicious actor to trigger a device restart or a service failure remotely...

8.6CVSS6.5AI score0.0111EPSS
Exploits0References2Affected Software2
BDU FSTEC
BDU FSTEC
added 2022/07/11 12:0 a.m.11 views

The vulnerability in the web interfaces of Cisco Unified Communications Manager and Cisco Unified Communications Manager Session Management Edition (SME), as well as Cisco Unified Communications Manager IM & Presence Service, allows a attacker to execute XSS attacks.

The vulnerability of the Cisco Unified Communications Manager and Cisco Unified Communications Manager Session Management Edition SME web interfaces is related to the lack of measures for cleaning incoming data. Exploiting this vulnerability can allow a malicious actor to carry out XSS attacks...

6.4CVSS6.2AI score0.00714EPSS
Exploits0References2Affected Software3
BDU FSTEC
BDU FSTEC
added 2022/07/11 12:0 a.m.10 views

The vulnerability of the web interfaces of Cisco Unified Communications Manager and Cisco Unified Communications Manager Session Management Edition systems allows a perpetrator to gain unauthorized access to protected information.

The vulnerability of the Cisco Unified Communications Manager and Cisco Unified Communications Manager Session Management Edition SME web interfaces is related to errors in processing the relative path to the directory. Exploiting this vulnerability can allow an attacker operating remotely to gai...

4.3CVSS5.5AI score0.01373EPSS
Exploits0References2Affected Software2
BDU FSTEC
BDU FSTEC
added 2022/06/10 12:0 a.m.6 views

The vulnerability of the web-based service interfaces of Cisco Adaptive Security Appliance (ASA) and Cisco Firepower Threat Defense (FTD) allows attackers to induce service failures.

The vulnerability of the web-service interfaces of Cisco Adaptive Security Appliance ASA and Cisco Firepower Threat Defense FTD systems is related to insufficient validation of input data. Exploiting this vulnerability can allow a malicious actor to trigger a service failure through a specially...

8.6CVSS7.2AI score0.01385EPSS
Exploits0References4Affected Software2
BDU FSTEC
BDU FSTEC
added 2022/06/09 12:0 a.m.9 views

The vulnerability of the web-service interface of Cisco Adaptive Security Appliance (ASA) and Cisco Firepower Threat Defense (FTD) allows attackers to enhance their privileges.

The vulnerability of the web-service interfaces of Cisco Adaptive Security Appliance ASA and Cisco Firepower Threat Defense FTD systems is related to the improper assignment of privileges. Exploiting this vulnerability can allow a malicious actor to enhance their privileges through a specially...

9CVSS7.8AI score0.28369EPSS
Exploits1References5Affected Software2
OSV
OSV
added 2022/05/27 2:15 p.m.6 views

CVE-2022-20806

Multiple vulnerabilities in the API and web-based management interfaces of Cisco Expressway Series and Cisco TelePresence Video Communication Server VCS could allow an authenticated, remote attacker to write files or disclose sensitive information on an affected device. For more information about...

7.1CVSS5.8AI score0.00899EPSS
Exploits0References1
Prion
Prion
added 2022/05/26 2:15 p.m.25 views

Design/Logic Flaw

Multiple vulnerabilities in the API and web-based management interfaces of Cisco Expressway Series and Cisco TelePresence Video Communication Server VCS could allow an authenticated, remote attacker to write files or disclose sensitive information on an affected device. For more information about...

3.5CVSS6.5AI score0.00887EPSS
Exploits0References1Affected Software1
ATTACKERKB
ATTACKERKB
added 2022/05/18 4:0 p.m.7 views

CVE-2022-20809

Multiple vulnerabilities in the API and web-based management interfaces of Cisco Expressway Series and Cisco TelePresence Video Communication Server VCS could allow an authenticated, remote attacker to write files or disclose sensitive information on an affected device. For more information about...

6.5CVSS6.6AI score0.00887EPSS
Exploits0References2
Rows per page
Query Builder