169 matches found
CVE-2021-42980
NoMachine Cloud Server (versions > 4.0.346 and
CVE-2021-42979
NoMachine Cloud Server is affected by Integer Overflow. IOCTL Handler 0x22001B in the NoMachine Cloud Server above 4.0.346 and below 7.7.4 allow local attackers to execute arbitrary code in kernel mode or cause a denial of service memory corruption and OS crash via specially crafted I/O Request...
CVE-2021-42979
The CVE-2021-42979 entry concerns NoMachine Cloud Server where an Integer Overflow in the IOCTL Handler 0x22001B affects versions above 4.0.346 and below 7.7.4. The vulnerability can allow local attackers to execute arbitrary code in kernel mode or cause a denial of service (memory corruption and...
Nomachine NoMachine 输入验证错误漏洞
NoMachine is a remote desktop access tool from NoMachine Nomachine Luxembourg. A security vulnerability exists in NoMachine Cloud Server, which can be exploited by an attacker to execute arbitrary code in kernel mode or cause a denial of service memory corruption and operating system crash via...
SillyRAT - A Cross Platform Multifunctional (Windows/Linux/Mac) RAT
A Cross Platform multifunctional Windows/Linux/Mac RAT. Getting Started Description A cross platform RAT written in pure Python. The RAT accept commands alongside arguments to either perform as the server who accepts connections or to perform as the client/target who establish connections to the...
CVE-2021-23884
Cleartext Transmission of Sensitive Information vulnerability in the ePO Extension of McAfee Content Security Reporter CSR prior to 2.8.0 allows an ePO administrator to view the unencrypted password of the McAfee Web Gateway MWG or the password of the McAfee Web Gateway Cloud Server MWGCS read on...
CVE-2021-23884
Cleartext Transmission of Sensitive Information vulnerability in the ePO Extension of McAfee Content Security Reporter CSR prior to 2.8.0 allows an ePO administrator to view the unencrypted password of the McAfee Web Gateway MWG or the password of the McAfee Web Gateway Cloud Server MWGCS read on...
CVE-2021-23884
CVE-2021-23884 affects the ePO Extension of McAfee Content Security Reporter (CSR). The issue stems from cleartext transmission that lets an ePO administrator view unencrypted credentials (MWG or MWGCS read-only user used for log retrieval). Affected: CSR versions prior to 2.8.0. Mitigation: upgr...
PT-2021-15586 · Mcafee · Mcafee Web Gateway +2
Name of the Vulnerable Software and Affected Versions: McAfee Content Security Reporter CSR versions prior to 2.8.0 Description: The issue allows an ePO administrator to view unencrypted passwords of the McAfee Web Gateway MWG or the McAfee Web Gateway Cloud Server MWGCS read-only user. This occu...
CVE-2020-11922
An issue was discovered in WiZ Colors A60 1.14.0. The device sends unnecessary information to the cloud controller server. Although this information is sent encrypted and has low risk in isolation, it decreases the privacy of the end user. The information sent includes the local IP address being...
SQL Injection Vulnerability in Lightbox Cloud Platform Pro
The Lightbox Cloud Platform Pro is an intelligent cloud server management system. Ltd. Lightboat Cloud Platform Pro has a SQL injection vulnerability that can be exploited by attackers to obtain sensitive information from the database...
Stripo Inc: No rate limiting for confirmation email lead to huge Mass mailings
this Report based on 997070 Issue Description No rate limit means their is no mechanism to protect against the requests you made in a short frame of time. If the repetition doesn't give any error after 50, 100, 1000 repetitions then their will be no rate limit set. vulnerable has registred in...
The Life Cycle of a Compromised (Cloud) Server
Trend Micro Research has developed a go-to resource for all things related to cybercriminal underground hosting and infrastructure. Today we released the second in this three-part series of reports which detail the what, how, and why of cybercriminal hosting see the first part here. As part of th...
Leaked Details of 142 Million MGM Hotel Guests Found for Sale Online
Researchers have found 142 million personal details from former guests at the MGM Resorts hotels for sale on the dark web, evidence that a data leak from the hotel chain last summer may be far bigger in scope than previously thought. An advertisement on a hacker forum has put 142,479,937 details...
NTT Communications Data Breach Affects Customers, Threatens Supply Chain
Japan-based systems integrator NTT Communications has disclosed a recent data breach that it said impacted hundreds of customers. The total affected comes to as many as 621 customers, the company said, but security experts worry about the impacts of the data breach due to the company’s positionin...
TrickBot Evolves to Go After SSH Keys
The TrickBot info-stealing malware has updated its password grabber to target data from OpenSSH and OpenVPN applications. OpenSSH is a connectivity tool for remote login with the SSH protocol; it encrypts all traffic to eliminate eavesdropping. OpenVPN meanwhile is used for secure private...
IBM InfoSphere Information Server on Cloud and IBM InfoSphere Information Server Information Disclosure Vulnerabilities
IBM InfoSphere Information Server on Cloud and IBM InfoSphere Information Server are both products of IBM Corporation, U.S.A. IBM InfoSphere Information Server on Cloud is a set of cloud-based data consolidation IBM InfoSphere Information Server is a data integration platform. IBM InfoSphere...
Capital One Hacker Also Accused of Hacking 30 More Companies and CryptoJacking
Former Amazon employee Paige Thompson, who was arrested last month in relation to the Capital One data breach, has been accused of hacking not only the U.S. credit card issuer, but also more than 30 other companies. An indictment unsealed on Wednesday revealed that Thompson not just stole data fr...
CVE-2019-9872
In several versions of JetBrains IntelliJ IDEA Ultimate, creating run configurations for cloud application servers leads to saving a cleartext unencrypted record of the server credentials in the IDE configuration files. If the Settings Repository plugin was then used and configured to synchronize...
Mysterious database exposed personal information of 80 million US households
Word has broken of yet another massive data trove exposed for anyone to see. A research team from vpnMentor discovered an exposed 24GB database hosted on a Microsoft cloud server containing the addresses, income levels, and marital statuses of users within 80 million US households. As we’ve seen...