33 matches found
CVE-2018-20878
cPanel before 74.0.8 allows stored XSS in WHM "File and Directory Restoration" interface SEC-441...
Top MITRE ATT&CK Tactics and Techniques Leveraged in 2023
The Qualys Threat Research Unit has mapped vulnerabilities and misconfigurations to the MITRE ATT&CK framework tactics and techniques to help you get the attacker’s view. They have also analyzed vulnerabilities and misconfigurations across all our customers to find the top tactics and techniques...
File and Directory Permissions Vulnerability in Hitachi Storage Plug-in for VMware vCenter
Overview A File and Directory Permissions Vulnerability exists in Hitachi Storage Plug-in for VMware vCenter. Affected products and versions are listed below. Please upgrade your version to the appropriate version. Impact Regarding the impact of the vulnerability, please refer to the vendor...
CVE-2023-6457 File and Directory Permission Vulnerability in Hitachi Tuning Manager
Incorrect Default Permissions vulnerability in Hitachi Tuning Manager on Windows Hitachi Tuning Manager server component allows local users to read and write specific files.This issue affects Hitachi Tuning Manager: before 8.8.5-04...
Malicious npm Packages Found Exfiltrating Sensitive Data from Developers
Cybersecurity researchers have discovered a new bunch of malicious packages on the npm package registry that are designed to exfiltrate sensitive developer information. Software supply chain firm Phylum, which first identified the "test" packages on July 31, 2023, said they "demonstrated increasi...
CVE-2020-36611 File and Directory Permission Vulnerability in Hitachi Tuning Manager
Incorrect Default Permissions vulnerability in Hitachi Tuning Manager on Linux Hitachi Tuning Manager server, Hitachi Tuning Manager - Agent for RAID, Hitachi Tuning Manager - Agent for NAS, Hitachi Tuning Manager - Agent for SAN Switch components allows local users to read and write specific...
APT 10, a state-sponsored Chinese threat group, conducting a global cyber espionage operation
THREAT LEVEL: Red. For a detailed advisory, download the pdf file here A Chinese state-sponsored advanced persistent threat APT 10 group has been attacking government, legal, religious entities and non-governmental organizations NGOs around the world in what appears to be an espionage campaign th...
Deep Panda deploys new rootkit “Fire Chili” by exploiting Log4shell in VMware horizon
THREAT LEVEL: Red For a detailed advisory, download the pdf file here Deep Panda, a Chinese APT group, took advantage of the well-known Log4Shell vulnerability in VMware Horizon servers to deploy a backdoor, rootkit, and steal sensitive data. This threat actor is primarily targeting firms in the...
North Korean state-sponsored threat actor Lazarus Group exploiting Chrome Zero-day vulnerability
THREAT LEVEL: Red. For a detailed advisory, download the pdf file here For more than a month before a fix was available, North Korean state hackers known as Lazarus group exploited a zero-day, remote code execution vulnerability CVE-2022-0609 in Google Chromes web browser. The attack mainly targe...
AlmaLinux 8 : samba (ALSA-2021:1647)
The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2021:1647 advisory. - An elevation of privilege vulnerability exists when an attacker establishes a vulnerable Netlogon secure channel connection to a domain controller, usin...
Iranian state-sponsored APT group MuddyWater targeting organizations via malicious executables
THREAT LEVEL: Red. United States Cyber Command USCYBERCOM has warned of an ongoing cyber attack by Iranian state sponsored actor named as MuddyWater. This APT group is currently targeting Middle Eastern countries and has also targeted European and North American nations. The Iranian-backed...
Oracle Linux 8 : samba (ELSA-2021-1647)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2021-1647 advisory. - resolves: 1891688 - Fix CVE-2020-14323 - resolves: 1892633 - Fix CVE-2020-14318 - resolves: 1892639 - Fix CVE-2020-14383 - resolves: 1879835 - Fix...
Huawei EulerOS: Security Advisory for samba (EulerOS-SA-2021-1533)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Huawei EulerOS: Security Advisory for samba (EulerOS-SA-2021-1517)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Oracle Linux 7 : samba (ELSA-2020-5439)
The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2020-5439 advisory. - resolves: 1892632 - Fix CVE-2020-14318 - resolves: 1891687 - Fix CVE-2020-14323 - resolves: 1879834 - Fix CVE-2020-1472 Tenable has extracted the...
Huawei EulerOS: Security Advisory for samba (EulerOS-SA-2020-2491)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
RHEL 7 : ruby (RHSA-2019:2028)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2019:2028 advisory. Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system...
CVE-2018-20878
cPanel before 74.0.8 allows stored XSS in WHM "File and Directory Restoration" interface SEC-441...
Design/Logic Flaw
cPanel before 74.0.8 allows stored XSS in WHM "File and Directory Restoration" interface SEC-441...
CVE-2018-20878
CVE-2018-20878 affects cPanel prior to 74.0.8, where a stored XSS vulnerability exists in the WHM “File and Directory Restoration” interface (SEC-441). The CNVD entry notes the issue stems from a lack of proper validation of client-side data in the WEB application. Connected records consistently ...