Lucene search
K

89 matches found

OSV
OSV
added 2024/05/15 5:45 p.m.7 views

GHSA-32RX-XVVR-4XV9 easyadmin-extension-bundle action case insensitivity

In alterphp/easyadmin-extension-bundle, role based access rules do not handle action name case sensitivity which may lead to unauthorized access...

7.1CVSS7AI score
Exploits0References3
Malwarebytes
Malwarebytes
added 2024/02/28 5:11 p.m.18 views

ALPHV is singling out healthcare sector, say FBI and CISA

In an updated StopRansomware security advisory, the Cybersecurity and Infrastructure Security Agency CISA, the Federal Bureau of Investigation FBI, and the Department of Health and Human Services HHS has warned the healthcare industry about the danger of the ALPHV ransomware group, also known as...

7.4AI score
Exploits0
NVD
NVD
added 2024/02/06 10:16 p.m.11 views

CVE-2023-42765

An attacker with access to the vulnerable software could introduce arbitrary JavaScript by injecting a cross-site scripting payload into the "username" parameter in the SNMP configuration...

5.4CVSS5.7AI score0.00294EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2023/09/11 7:15 p.m.2 views

CVE-2023-31069

An issue was discovered in TSplus Remote Access through 16.0.2.14. Credentials are stored as cleartext within the HTML source code of the login page...

9.8CVSS6AI score0.01932EPSS
Exploits3References3
Positive Technologies
Positive Technologies
added 2023/06/23 12:0 a.m.7 views

PT-2023-25323 · Safe · Fme Server +1

Name of the Vulnerable Software and Affected Versions: Safe Software FME Server versions prior to 2022.2.5 FME Flow versions prior to 2023.0 Description: A directory traversal issue allows an attacker to bypass validation when editing a network-based resource connection, resulting in unauthorized...

8.1CVSS7.8AI score0.01464EPSS
Exploits0References5
CISA
CISA
added 2023/06/06 12:0 p.m.4 views

CISA and Partners Release Joint Guide to Securing Remote Access Software

Today, CISA, Federal Bureau of Investigation FBI, the National Security Agency NSA, Multi-State Information Sharing and Analysis Center MS-ISAC, and the Israel National Cyber Directorate INCD released the Guide to Securing Remote Access Software. This new joint guide is the result of a...

7.2AI score
Exploits0References5
The Hacker News
The Hacker News
added 2023/02/08 6:16 a.m.51 views

CERT-UA Alerts Ukrainian State Authorities of Remcos Software-Fueled Cyber Attacks

The Computer Emergency Response Team of Ukraine CERT-UA has issued an alert warning of cyber attacks against state authorities in the country that deploy a legitimate remote access software named Remcos. The mass phishing campaign has been attributed to a threat actor it tracks as UAC-0050, with...

1.4AI score
Exploits0
CNNVD
CNNVD
added 2022/11/21 12:0 a.m.5 views

IBM i 代码问题漏洞

IBM i is a suite of operating systems from International Business Machines IBM running on IBM Power Systems and IBM PureSystems. A security vulnerability exists in IBM i Access Family versions 1.1.2 through 1.1.4 and 1.1.4.3 through 1.1.9.0, which stems from a vulnerability that could allow a...

7.2CVSS7.2AI score0.00337EPSS
Exploits0References3
BDU FSTEC
BDU FSTEC
added 2022/10/24 12:0 a.m.8 views

The vulnerability of the RealVNC remote access software lies in the ability to execute files located at %TEMP%, as they are owned by the SYSTEM account. This allows attackers to gain higher privileges.

The vulnerability of the RealVNC remote access software is related to the possibility of executing files located at %TEMP% as SYSTEM. Exploiting this vulnerability can allow an attacker to increase their privileges...

7.8CVSS7.2AI score0.0066EPSS
Exploits1References2Affected Software1
WPVulnDB
WPVulnDB
added 2022/10/20 12:0 a.m.26 views

Welcart eCommerce < 2.7.8 - Unauthenticated Arbitrary File Access

The plugin does not validate user input used in a path, which could allow unauthenticated users to read arbitrary files via a traversal attack...

9.8CVSS5AI score0.05116EPSS
Exploits2Affected Software1
The Hacker News
The Hacker News
added 2022/08/10 10:13 a.m.33 views

Hackers Behind Twilio Breach Also Targeted Cloudflare Employees

Web infrastructure company Cloudflare on Tuesday disclosed at least 76 employees and their family members received text messages on their personal and work phones bearing similar characteristics as that of the sophisticated phishing attack against Twilio. The attack, which transpired around the...

0.2AI score
Exploits0
OSV
OSV
added 2022/05/24 4:52 p.m.3 views

GHSA-7G5J-Q8QJ-8984 Magento Insecure Direct Object Reference (IDOR) vulnerability

An insecure direct object reference IDOR vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This can be exploited by an administrator with limited privileges to delete the downloadable products folder...

4.9CVSS5AI score0.0073EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2022/05/17 5:23 a.m.14 views

TYPO3 allows remote attackers to obtain the database name via a direct request

The Command Line Interface CLI script in TYPO3 4.4.0 through 4.4.13, 4.5.0 through 4.5.13, 4.6.0 through 4.6.6, 4.7, and 6.0 allows remote attackers to obtain the database name via a direct request...

5CVSS7.1AI score0.03091EPSS
Exploits0References6Affected Software1
hivepro
hivepro
added 2022/02/07 2:23 p.m.21 views

Iranian state-sponsored APT group MuddyWater targeting organizations via malicious executables

THREAT LEVEL: Red. United States Cyber Command USCYBERCOM has warned of an ongoing cyber attack by Iranian state sponsored actor named as MuddyWater. This APT group is currently targeting Middle Eastern countries and has also targeted European and North American nations. The Iranian-backed...

0.1AI score
Exploits0
CNNVD
CNNVD
added 2021/07/21 12:0 a.m.4 views

Teradici PCOIP Software Agent 安全漏洞

The Teradici PCoIP Software Agent is part of the Teradici Cloud Access Software from Teradici Canada. A PCoIP client can be used to connect to virtual desktops either directly or through a connection agent. A security vulnerability exists in the Teradici PCOIP Software Agent that could be exploit...

7.8CVSS7.6AI score0.00281EPSS
Exploits0References2
RustSec
RustSec
added 2021/01/07 12:0 p.m.16 views

`Frame::copy_from_raw_parts` can lead to segfault without `unsafe`

fn Frame::copyfromrawparts is a safe API that can take a raw pointer and dereference it. It is possible to read arbitrary memory address with an arbitrarily fed pointer. This allows the safe API to access & read arbitrary address in memory. Feeding an invalid memory address pointer to the API may...

7.5CVSS1AI score0.01327EPSS
Exploits1Affected Software1
ThreatPost
ThreatPost
added 2020/08/05 10:27 p.m.36 views

Black Hat 2020: In a Turnaround, Voting Machine Vendor Embraces Ethical Hackers

Voting machine-maker Election Systems & Software ES&S has formally announced a vulnerability disclosure policy, Wednesday, during a Black Hat USA 2020 session. The move, which comes with the U.S. presidential elections looming in November, shows that voting-machine vendors are beginning to take t...

7AI score
Exploits0References10
Microsoft KB
Microsoft KB
added 2020/04/14 7:0 a.m.58 views

Description of the security update for Office 2016: April 14, 2020

Description of the security update for Office 2016: April 14, 2020 Summary This security update resolves remote code execution vulnerabilities that exist in Microsoft Access software when the software fails to properly handle objects in memory. To learn more about these vulnerabilities, see...

9.3CVSS8.3AI score0.11548EPSS
Exploits0
securityvulns
securityvulns
added 2015/06/14 12:0 a.m.29 views

Elasticsearch files access

snapshot API files access...

6CVSS2AI score0.0445EPSS
Exploits1References1Affected Software1
Tenable Nessus
Tenable Nessus
added 2011/09/15 12:0 a.m.553 views

PCI DSS Compliance : Remote Access Software Has Been Detected

Due to increased risk to the cardholder data environment when remote access software is present, 1 justify the business need for this software to the ASV and confirm it is implemented securely, or 2 confirm it is disabled/ removed. Consult your ASV if you have questions about this Special Note...

5.5AI score
Exploits0
Rows per page
Query Builder