54 matches found
EUVD-2021-21695
Malware in sbrugna...
EUVD-2022-29285
Malicious code in bioql PyPI...
EUVD-2022-15990
Malicious code in bioql PyPI...
Fidelis Network Deception Command Injection Vulnerability (CNVD-2022-59169)
Fidelis Network Deception is a security product from Fidelis USA, Inc. A security vulnerability exists in versions prior to Fidelis Network Deception 9.4.5, which stems from the CommandPost cplp parameter when using the checkverticaupgrade value. Command injection exists, and an attacker can use...
Fidelis Network Deception Command Injection Vulnerability
Fidelis Network Deception is a security product from Fidelis USA. It is used to detect threats and prevent data loss with features such as detecting malicious behavior, identifying traffic anomalies, and automatically responding to advanced threats. A command injection vulnerability exists in...
CVE-2022-24392
Vulnerability in Fidelis Network and Deception CommandPost enables authenticated command injection through the web interface using the “feedcommtest” value for the “feed” parameter. The vulnerability could allow a specially crafted HTTP request to execute system commands on the CommandPost and...
CVE-2022-24393
Vulnerability in Fidelis Network and Deception CommandPost enables authenticated command injection through the web interface using the “checkverticaupgrade” value for the “cpIp” parameter. The vulnerability could allow a specially crafted HTTP request to execute system commands on the CommandPost...
CVE-2022-24394
Vulnerability in Fidelis Network and Deception CommandPost enables authenticated command injection through the web interface using the “updatecheckfile” value for the “filename” parameter. The vulnerability could allow a specially crafted HTTP request to execute system commands on the CommandPost...
CVE-2022-24394
Vulnerability in Fidelis Network and Deception CommandPost enables authenticated command injection through the web interface using the “updatecheckfile” value for the “filename” parameter. The vulnerability could allow a specially crafted HTTP request to execute system commands on the CommandPost...
CVE-2022-24392
Vulnerability in Fidelis Network and Deception CommandPost enables authenticated command injection through the web interface using the “feedcommtest” value for the “feed” parameter. The vulnerability could allow a specially crafted HTTP request to execute system commands on the CommandPost and...
CVE-2022-24393
Vulnerability in Fidelis Network and Deception CommandPost enables authenticated command injection through the web interface using the “checkverticaupgrade” value for the “cpIp” parameter. The vulnerability could allow a specially crafted HTTP request to execute system commands on the CommandPost...
CVE-2022-24391
Vulnerability in Fidelis Network and Deception CommandPost enables SQL injection through the web interface by an attacker with user level access. The vulnerability is present in Fidelis Network and Deception versions prior to 9.4.5. Patches and updates are available to address this vulnerability...
CVE-2022-24391
Vulnerability in Fidelis Network and Deception CommandPost enables SQL injection through the web interface by an attacker with user level access. The vulnerability is present in Fidelis Network and Deception versions prior to 9.4.5. Patches and updates are available to address this vulnerability...
Command injection
Vulnerability in Fidelis Network and Deception CommandPost enables authenticated command injection through the web interface using the “checkverticaupgrade” value for the “cpIp” parameter. The vulnerability could allow a specially crafted HTTP request to execute system commands on the CommandPost...
Sql injection
Vulnerability in Fidelis Network and Deception CommandPost enables SQL injection through the web interface by an attacker with user level access. The vulnerability is present in Fidelis Network and Deception versions prior to 9.4.5. Patches and updates are available to address this vulnerability...
Command injection
Vulnerability in Fidelis Network and Deception CommandPost enables authenticated command injection through the web interface using the “feedcommtest” value for the “feed” parameter. The vulnerability could allow a specially crafted HTTP request to execute system commands on the CommandPost and...
Command injection
Vulnerability in Fidelis Network and Deception CommandPost enables authenticated command injection through the web interface using the “updatecheckfile” value for the “filename” parameter. The vulnerability could allow a specially crafted HTTP request to execute system commands on the CommandPost...
CVE-2022-0997 Local Privilege Escalation Vulnerability in Fidelis Network and Deception
Improper file permissions in the CommandPost, Collector, and Sensor components of Fidelis Network and Deception enables an attacker with local, administrative access to the CLI to modify affected script files, which could result in arbitrary commands being run as root upon subsequent logon by a...
CVE-2022-24388 Authenticated Privileged Command Injection Vulnerability in Fidelis Network and Deception
Vulnerability in rconfig “date” enables an attacker with user level access to the CLI to inject root level commands into Fidelis Network and Deception CommandPost, Collector, Sensor, and Sandbox components as well as neighboring Fidelis components. The vulnerability is present in Fidelis Network...
CVE-2022-24390
The CVE concerns Fidelis Network and Deception products with a vulnerability in rconfig’s remote_text_file that, on versions prior to 9.4.5, allows an attacker with CLI user-level access to inject commands into Fidelis components (CommandPost, Collector, Sensor, Sandbox) and neighboring Fidelis c...