361 matches found
GeoVision EOL Operating System Command Injection Vulnerability
GeoVision EOL is a series of surveillance devices from GeoVision Japan. The GeoVision EOL suffers from an operating system command injection vulnerability that stems from an inability to properly filter user input. A remote attacker could exploit this vulnerability to inject and execute arbitrary...
Zyxel Releases Patches for Firmware Vulnerabilities in EoL NAS Models
Zyxel has released security updates to address critical flaws impacting two of its network-attached storage NAS devices that have currently reached end-of-life EoL status. Successful exploitation of three of the five vulnerabilities could permit an unauthenticated attacker to execute operating...
Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Checkpoint Quantum_Spark_Firmware
Exploit for CVE-2024-24919 Description This Python script...
Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Checkpoint Quantum_Spark_Firmware
CVE-2024-24919-Check-Point-Remote-Access-VPN CVE-2024-24919...
CVE-2024-28826 Unrestricted upload and download paths in check_sftp
Improper restriction of local upload and download paths in checksftp in Checkmk before 2.3.0p4, 2.2.0p27, 2.1.0p44, and in Checkmk 2.0.0 EOL allows attackers with sufficient permissions to configure the check to read and write local files on the Checkmk site server...
Exploit for Use of Hard-coded Credentials in Dlink Dns-320L_Firmware
Dinkleberry 🫐 Are you one of the 92,000+ people1 stuck with a...
Microsoft Windows 10 1703 Education SEoL
Microsoft Windows 10 1703 Education is no longer maintained by its vendor or provider. Lack of support implies that no new security patches for the product will be released by the vendor. As a result, it may contain security vulnerabilities. %NASLMINLEVEL 80900 C Tenable, Inc. include'compat.inc'...
ManageEngine Applications Manager SEoL (14.0.x)
According to its version, ManageEngine Applications Manager is 14.0.x. It is, therefore, no longer maintained by its vendor or provider. Lack of support implies that no new security patches for the product will be released by the vendor. As a result, it may contain security vulnerabilities...
ManageEngine Applications Manager SEoL (13.0.x)
According to its version, ManageEngine Applications Manager is 13.0.x. It is, therefore, no longer maintained by its vendor or provider. Lack of support implies that no new security patches for the product will be released by the vendor. As a result, it may contain security vulnerabilities...
TheMoon Botnet Resurfaces, Exploiting EoL Devices to Power Criminal Proxy
A botnet previously considered to be rendered inert has been observed enslaving end-of-life EoL small home/small office SOHO routers and IoT devices to fuel a criminal proxy service called Faceless. "TheMoon, which emerged in 2014, has been operating quietly while growing to over 40,000 bots from...
CVE-2024-28824 Privilege escalation in mk_informix plugin
Least privilege violation and reliance on untrusted inputs in the mkinformix Checkmk agent plugin before Checkmk 2.3.0b4 beta, 2.2.0p24, 2.1.0p41 and 2.0.0 EOL allows local users to escalate privileges...
CVE-2024-1742 Information disclosure in mk_oracle Checkmk agent plugin
Invocation of the sqlplus command with sensitive information in the command line in the mkoracle Checkmk agent plugin before Checkmk 2.3.0b4 beta, 2.2.0p24, 2.1.0p41 and 2.0.0 EOL allows the extraction of this information from the process list...
CVE-2024-0670
Privilege escalation in windows agent plugin in Checkmk before 2.2.0p23, 2.1.0p40 and 2.0.0 EOL allows local user to escalate privileges...
CVE-2024-0670
Privilege escalation in windows agent plugin in Checkmk before 2.2.0p23, 2.1.0p40 and 2.0.0 EOL allows local user to escalate privileges...
CSAM Drives Accurate TruRisk Scoring with EoL/EoS, Unauthorized Software, and Missing Security Agents
With the release of the Enterprise TruRisk Platform, Qualys is focusing each of its cyber security solutions on the more holistic goals of measuring, communicating, and eliminating cyber risk across the extended enterprise. Each offering within the platform works together, driving toward these...
CVE-2024-21490
This affects versions of the package angular from 1.3.0; versions of the package angularjs from 1.3.0. A regular expression used to split the value of the ng-srcset directive is vulnerable to super-linear runtime due to backtracking. With large carefully-crafted input, this can result in...
CVE-2024-21490
This affects versions of the package angular from 1.3.0. A regular expression used to split the value of the ng-srcset directive is vulnerable to super-linear runtime due to backtracking. With large carefully-crafted input, this can result in catastrophic backtracking and cause a denial of servic...
Input validation
This affects versions of the package angular from 1.3.0. A regular expression used to split the value of the ng-srcset directive is vulnerable to super-linear runtime due to backtracking. With large carefully-crafted input, this can result in catastrophic backtracking and cause a denial of servic...
CVE-2024-21490
This affects versions of the package angular from 1.3.0. A regular expression used to split the value of the ng-srcset directive is vulnerable to super-linear runtime due to backtracking. With large carefully-crafted input, this can result in catastrophic backtracking and cause a denial of servic...
CVE-2024-21490
This affects versions of the package angular from 1.3.0; versions of the package angularjs from 1.3.0. A regular expression used to split the value of the ng-srcset directive is vulnerable to super-linear runtime due to backtracking. With large carefully-crafted input, this can result in...