Lucene search
+L

375 matches found

NVD
NVD
added 2023/02/11 1:23 a.m.27 views

CVE-2023-0776

Baicells Nova 436Q, Nova 430E, Nova 430I, and Neutrino 430 LTE TDD eNodeB devices with firmware through QRTB 2.12.7 are vulnerable to remote shell code exploitation via HTTP command injections. Commands are executed using pre-login execution and executed with root permissions. The following metho...

10CVSS9.3AI score0.01193EPSS
Exploits0References1
Prion
Prion
added 2023/02/11 1:23 a.m.20 views

Command injection

Baicells Nova 436Q, Nova 430E, Nova 430I, and Neutrino 430 LTE TDD eNodeB devices with firmware through QRTB 2.12.7 are vulnerable to remote shell code exploitation via HTTP command injections. Commands are executed using pre-login execution and executed with root permissions. The following metho...

7.5CVSS9.8AI score0.01193EPSS
Exploits0References1Affected Software4
Securelist
Securelist
added 2023/02/10 10:0 a.m.20 views

Good, Perfect, Best: how the analyst can enhance penetration testing results

Penetration testing is something that many of those who know what a pentest is see as a search for weak spots and well-known vulnerabilities in clients infrastructure, and a bunch of copied-and-pasted recommendations on how to deal with the security holes thus discovered. In truth, it is not so...

7.5AI score
Exploits0
The Hacker News
The Hacker News
added 2023/02/08 11:1 a.m.30 views

How to Think Like a Hacker and Stay Ahead of Threats

To succeed as a cybersecurity analyst, you need to understand the traits, values, and thought processes of hackers, along with the tools they use to launch their attacks. During a webinar called The Hacker Mindset, a Red Team Researcher shared how you can use some of these tools for your own...

0.1AI score
Exploits0
OpenVAS
OpenVAS
added 2023/01/27 12:0 a.m.16 views

Ubuntu: Security Advisory (USN-4765-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5.5CVSS6.7AI score0.00744EPSS
Exploits1References2
NVD
NVD
added 2023/01/26 9:18 p.m.21 views

CVE-2023-24508

Baicells Nova 227, Nova 233, and Nova 243 LTE TDD eNodeB and Nova 246 devices with firmware through RTS/RTD 3.6.6 are vulnerable to remote shell code exploitation via HTTP command injections. Commands are executed using pre-login execution and executed with root permissions. The following methods...

9.6CVSS9.2AI score0.01643EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2023/01/18 9:30 p.m.18 views

Velociraptor vulnerable to Missing Authorization

Rapid7 Velociraptor allows users to be created with different privileges on the server. Administrators are generally allowed to run any command on the server including writing arbitrary files. However, lower privilege users are generally forbidden from writing or modifying files on the server. Th...

8.8CVSS8.4AI score0.00544EPSS
Exploits0References3Affected Software1
The Hacker News
The Hacker News
added 2022/10/14 10:1 a.m.35 views

How To Build a Career as a Freelance Cybersecurity Analyst — From Scratch

With each passing year, the cybersecurity threat landscape continues to worsen. That reality makes cybersecurity analysts some of the most sought-after technology professionals in the world. And there are nowhere near enough of them to meet the demand. At last count, there were over 3.5 million...

7AI score
Exploits0
Qualys Blog
Qualys Blog
added 2022/10/13 12:2 p.m.23 views

Not Your Average FIM: Why Customers Choose Qualys FIM

Choosing the right FIM solution is a crucial step for an organization. One should not need professional services just to onboard or manage. Traditional FIM solutions with legacy architecture are either too noisy or too hard to use. The market demands an intelligent FIM solution that is easy to...

0.7AI score
Exploits0
BDU FSTEC
BDU FSTEC
added 2022/08/31 12:0 a.m.8 views

The vulnerability of the visual analysis tool IBM i2 Analyst’s Notebook arises from buffer overflow in dynamic memory, allowing an attacker to execute arbitrary code.

The vulnerability of the IBM i2 Analyst’s Notebook visual analysis tool arises from an overflow in the buffer of dynamic memory. Exploiting this vulnerability allows a attacker to execute arbitrary code using a specially created file...

7.8CVSS7.9AI score0.00419EPSS
Exploits0References5Affected Software1
BDU FSTEC
BDU FSTEC
added 2022/08/18 12:0 a.m.9 views

The vulnerability of the visual analysis tool IBM i2 Analyst’s Notebook arises from buffer overflow in dynamic memory, allowing an attacker to execute arbitrary code.

The vulnerability of the IBM i2 Analyst’s Notebook visual analysis tool arises from an overflow in the buffer of dynamic memory. Exploiting this vulnerability allows a attacker to execute arbitrary code using a specially created file...

7.8CVSS7.9AI score0.00419EPSS
Exploits0References4Affected Software1
Trellix
Trellix
added 2022/08/11 12:0 a.m.15 views

DotDumper: Automatically Unpacking DotNet based Malware

DotDumper: Automatically Unpacking DotNet Based Malware By Max Kersten · August 11, 2022 The automatic detection and classification of any given file in a reliable manner is often considered the holy grail of malware analysis. The trials and tribulations to get there are plenty, which is why the...

7.1AI score
Exploits0
Malwarebytes
Malwarebytes
added 2022/07/26 2:27 p.m.21 views

Demo: Your data has been encrypted! Stopping ransomware attacks with Malwarebytes EDR

It’s no secret that ransomware is one of the most pressing cyber threats of our day. What worse, ransomware gangs have increased their attacks on a range of vulnerable industries, with disruptions to business operations, million-dollar ransom demands, data exfiltration, and extortion. With...

Exploits0
Rapid7 Blog
Rapid7 Blog
added 2022/07/22 2:0 p.m.12 views

Simplify SIEM Optimization With InsightIDR

Two key ways InsightIDR helps customers tailor reporting, detection, and response — without any headaches For far too many years, security teams have accepted that with a SIEM comes compromise. You could have highly tailored and custom rule sets, but it meant endless amounts of tuning and...

6.9AI score
Exploits0
Trend Micro Simply Security
Trend Micro Simply Security
added 2022/06/13 12:0 a.m.10 views

Addressing Cyber Risk with a Unified Platform

Hear from guest speaker, Forrester analyst, Allie Mellen, as she shares insights and advice on the factors firms should consider when looking at leveraging a security platform for managing the attack surface lifecycle...

2.5AI score
Exploits0
Hacker One
Hacker One
added 2022/05/31 11:0 a.m.12 views

LinkedIn: Improper access control on Linkedin Page

An improper access control vulnerability was discovered on the LinkedIn page, allowing a user with the role of analyst to publish posts even after their role was changed from super admin...

7AI score
Exploits0
BDU FSTEC
BDU FSTEC
added 2022/05/26 12:0 a.m.6 views

The vulnerability of the visual analysis tool IBM i2 Analyst’s Notebook lies in the ability to write beyond the buffer boundaries in memory, allowing an attacker to execute arbitrary code.

The vulnerability of the visual analysis tool IBM i2 Analyst’s Notebook relates to writing beyond the buffer boundaries in memory. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code remotely...

9.3CVSS7.9AI score0.01482EPSS
Exploits0References4Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2022/05/24 6:34 p.m.87 views

Security Bulletin: Node.js as used by IBM Security QRadar Analyst Workflow App for IBM QRadar SIEM is vulnerable to multiple vulnerabilities

Summary Node.js as used by IBM Security QRadar Analyst Workflow App for IBM QRadar SIEM is vulnerable to multiple vulnerabilities. IBM Security QRadar Analyst Workflow App for IBM QRadar SIEM has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2020-28469 DESCRIPTION: Node.js...

7.5CVSS1.1AI score0.2241EPSS
Exploits8Affected Software1
The Hacker News
The Hacker News
added 2022/03/29 10:7 a.m.16 views

Experts Detail Virtual Machine Used by Wslink Malware Loader for Obfuscation

Cybersecurity researchers have shed more light on a malicious loader that runs as a server and executes received modules in memory, laying bare the structure of an "advanced multi-layered virtual machine" used by the malware to fly under the radar. Wslink, as the malicious loader is called, was...

0.6AI score
Exploits0
The Hacker News
The Hacker News
added 2022/03/17 12:33 p.m.25 views

The Golden Hour of Incident Response

As a CSIRT consultant, I cannot overemphasize the importance of effectively managing the first hour in a critical incident. Finding out what to do is often a daunting task in a critical incident. In addition, the feeling of uneasiness often prevents an incident response analyst from making...

6.7AI score
Exploits0
Rows per page
Query Builder