Lucene search
K

253 matches found

Trend Micro Simply Security
Trend Micro Simply Security
added 2023/05/09 12:0 a.m.20 views

Managed XDR Investigation of Ducktail in Trend Micro Vision One™

The Trend Micro Managed XDR team investigated several Ducktail-related web browser credential dumping incidents involving different customers...

7.1AI score
Exploits0
NVD
NVD
added 2023/01/17 8:15 p.m.20 views

CVE-2023-23749

The 'LDAP Integration with Active Directory and OpenLDAP - NTLM & Kerberos Login' extension is vulnerable to LDAP Injection since is not properly sanitizing the 'username' POST parameter. An attacker can manipulate this paramter to dump arbitrary contents form the LDAP Database...

7.5CVSS7.7AI score0.0056EPSS
Exploits0References1
NVD
NVD
added 2022/12/26 6:15 a.m.17 views

CVE-2021-35954

fastrack Reflex 2.0 W307SREFLEXv90.89 Activity Tracker allows physically proximate attackers to dump the firmware, flash custom malicious firmware, and brick the device via the Serial Wire Debug SWD feature...

8.1CVSS0.00325EPSS
Exploits0References2
Cvelist
Cvelist
added 2022/12/26 12:0 a.m.29 views

CVE-2021-35954

fastrack Reflex 2.0 W307SREFLEXv90.89 Activity Tracker allows physically proximate attackers to dump the firmware, flash custom malicious firmware, and brick the device via the Serial Wire Debug SWD feature...

8.2AI score0.00325EPSS
Exploits0References2
OSV
OSV
added 2022/12/21 10:15 p.m.19 views

CVE-2022-4639

A vulnerability, which was classified as critical, has been found in sslh. This issue affects the function hexdump of the file probe.c of the component Packet Dumping Handler. The manipulation of the argument msginfo leads to format string. The attack may be initiated remotely. The name of the...

9.8CVSS9.6AI score
Exploits0References3
NVD
NVD
added 2022/12/21 10:15 p.m.21 views

CVE-2022-4639

A vulnerability, which was classified as critical, has been found in sslh. This issue affects the function hexdump of the file probe.c of the component Packet Dumping Handler. The manipulation of the argument msginfo leads to format string. The attack may be initiated remotely. The name of the...

9.8CVSS0.00855EPSS
Exploits0References3
Prion
Prion
added 2022/12/21 10:15 p.m.21 views

Format string

A vulnerability, which was classified as critical, has been found in sslh. This issue affects the function hexdump of the file probe.c of the component Packet Dumping Handler. The manipulation of the argument msginfo leads to format string. The attack may be initiated remotely. The name of the...

7.5CVSS9.5AI score0.00855EPSS
Exploits0References3Affected Software1
UbuntuCve
UbuntuCve
added 2022/12/21 10:15 p.m.34 views

CVE-2022-4639

A vulnerability, which was classified as critical, has been found in sslh. This issue affects the function hexdump of the file probe.c of the component Packet Dumping Handler. The manipulation of the argument msginfo leads to format string. The attack may be initiated remotely. The name of the...

9.8CVSS6.7AI score0.00855EPSS
Exploits0References2
CVE
CVE
added 2022/12/21 12:0 a.m.53 views

CVE-2022-4639

CVE-2022-4639 affects sslh, specifically the hexdump function in probe.c of the Packet Dumping Handler. The issue is a format string vulnerability caused by manipulating the msg_info argument, potentially allowing remote exploitation. Patch b19f8a6046b080e4c2e28354a58556bb26040c6f fixes this issu...

9.8CVSS7.6AI score0.00855EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2022/12/21 12:0 a.m.23 views

CVE-2022-4639 sslh Packet Dumping probe.c hexdump format string

A vulnerability, which was classified as critical, has been found in sslh. This issue affects the function hexdump of the file probe.c of the component Packet Dumping Handler. The manipulation of the argument msginfo leads to format string. The attack may be initiated remotely. The name of the...

5.6CVSS9.8AI score0.00855EPSS
Exploits0References3
CNNVD
CNNVD
added 2022/12/21 12:0 a.m.5 views

sslh 格式化字符串错误漏洞

sslh is an application protocol multiplexer by the individual developer Yves Rutschle. sslh suffers from a Formatted String Error vulnerability that stems from the manipulation of the parameter msginfo of the hexdump function of its Packet Dumping Handler component resulting in a formatted string...

9.8CVSS8.1AI score0.00855EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2022/12/21 12:0 a.m.7 views

CVE-2022-4639 sslh Packet Dumping probe.c hexdump format string

A vulnerability, which was classified as critical, has been found in sslh. This issue affects the function hexdump of the file probe.c of the component Packet Dumping Handler. The manipulation of the argument msginfo leads to format string. The attack may be initiated remotely. The name of the...

5.6CVSS9.6AI score0.00855EPSS
Exploits0References3
Debian CVE
Debian CVE
added 2022/12/21 12:0 a.m.16 views

CVE-2022-4639

A vulnerability, which was classified as critical, has been found in sslh. This issue affects the function hexdump of the file probe.c of the component Packet Dumping Handler. The manipulation of the argument msginfo leads to format string. The attack may be initiated remotely. The name of the...

9.8CVSS9AI score0.00855EPSS
Exploits0
NVD
NVD
added 2022/10/17 4:15 p.m.16 views

CVE-2022-28291

Insufficiently Protected Credentials: An authenticated user with debug privileges can retrieve stored Nessus policy credentials from the “nessusd” process in cleartext via process dumping. The affected products are all versions of Nessus Essentials and Professional. The vulnerability allows an...

6.5CVSS0.00638EPSS
Exploits1References1
Cvelist
Cvelist
added 2022/10/17 12:0 a.m.22 views

CVE-2022-28291

Insufficiently Protected Credentials: An authenticated user with debug privileges can retrieve stored Nessus policy credentials from the “nessusd” process in cleartext via process dumping. The affected products are all versions of Nessus Essentials and Professional. The vulnerability allows an...

6.5AI score0.00638EPSS
Exploits1References1
Microsoft Malware Protection
Microsoft Malware Protection
added 2022/10/05 4:0 p.m.26 views

Detecting and preventing LSASS credential dumping attacks

Obtaining user operating system OS credentials from a targeted device is among threat actors’ primary goals when launching attacks because these credentials serve as a gateway to various objectives they can achieve in their target organization’s environment, such as lateral movement. One techniqu...

0.4AI score
Exploits0
Microsoft Malware Protection
Microsoft Malware Protection
added 2022/10/05 4:0 p.m.31 views

Detecting and preventing LSASS credential dumping attacks

Obtaining user operating system OS credentials from a targeted device is among threat actors’ primary goals when launching attacks because these credentials serve as a gateway to various objectives they can achieve in their target organization’s environment, such as lateral movement. One techniqu...

0.4AI score
Exploits0
Microsoft Secure
Microsoft Secure
added 2022/10/05 4:0 p.m.25 views

Detecting and preventing LSASS credential dumping attacks

Obtaining user operating system OS credentials from a targeted device is among threat actors’ primary goals when launching attacks because these credentials serve as a gateway to various objectives they can achieve in their target organization’s environment, such as lateral movement. One techniqu...

0.4AI score
Exploits0
Microsoft Secure
Microsoft Secure
added 2022/10/05 4:0 p.m.29 views

Detecting and preventing LSASS credential dumping attacks

Obtaining user operating system OS credentials from a targeted device is among threat actors’ primary goals when launching attacks because these credentials serve as a gateway to various objectives they can achieve in their target organization’s environment, such as lateral movement. One techniqu...

0.4AI score
Exploits0
Qualys Blog
Qualys Blog
added 2022/09/29 2:32 p.m.38 views

Qualys Threat Research Thursday

Welcome to the second edition of the Qualys Research Team’s “Threat Research Thursday”, where we collect and curate notable new tools, techniques, procedures, threat intelligence, cybersecurity news, malware attacks, and more. Feedback on our first edition, Introducing Qualys Threat Research...

0.2AI score0.98905EPSS
Exploits6
Rows per page
Query Builder