ROS-20260224-73-0014
Vulnerability in moodle related to information disclosure during data transfer. Exploitation of the vulnerability may allow a remote intruder to gain unauthorized access to protected information...
CVE-1999-0253
IIS 3.0 with the iis-fix hotfix installed allows remote intruders to read source code for ASP programs by using a %2e instead of a . (dot) in the URL...
Why top SOC teams are shifting to Network Detection and Response
Security Operations Center (SOC) teams are facing a fundamentally new challenge — traditional cybersecurity tools are failing to detect advanced adversaries who have become experts at evading endpoint-based defenses and signature-based detection systems. The reality of these “invisible intruders” i...
A vulnerability in the SonicWall NetExtender remote access client software allows an intruder to gain access to modify data.
The vulnerability in the SonicWall NetExtender remote access client software is related to deficiencies in access control. Exploiting this vulnerability can allow an attacker to gain access to modify data...
A vulnerability in Ivanti Workspace Control (IWC), software for controlling user access to applications and data, allows an intruder to escalate their privileges.
The vulnerability in Ivanti Workspace Control (IWC), software for controlling user access to applications and data, is related to the implementation of security features on the client side. Exploiting this vulnerability can allow attackers to escalate their privileges...
Why NDR is Key to Cyber 'Pest Control'
Intruders are drawn to enterprise IT environments the way mice are attracted to houses. And once either kind of invader is inside, they can be hard to get out. Network detection and response (NDR) lets you trace intruders’ pathways to find out where they’re coming in—and seal the gaps...
Crooks Steal Phone, SMS Records for Nearly All AT&T Customers
AT&T Corp. disclosed today that a new data breach has exposed phone call and text message records for roughly 110 million people -- nearly all of its customers. AT&T said it delayed disclosing the incident in response to "national security and public safety concerns," noting that some of the...
A vulnerability in the Siemens RUGGEDCOM CROSSBOW access control system, related to the lack of protection for operational data, allows an intruder to gain unauthorized access to confidential information.
The vulnerability in the Siemens RUGGEDCOM CROSSBOW access control system lies in the lack of protection for operational data. Exploiting this vulnerability could allow an intruder, operating remotely, to gain unauthorized access to confidential information...
A vulnerability in Telit Cinterion modem firmware, related to the disclosure of information through environment variables, allows an intruder to gain access to protected information.
The vulnerability in Telit Cinterion modem firmware is related to the disclosure of information through environment variables. Exploiting this vulnerability can allow an intruder to gain access to protected information...
The Haunted House of IoT: When Everyday Devices Turn Against You
In today's interconnected world, the Internet of Things (IoT) promises convenience and innovation. From smart fridges that tell you when you're out of milk to connected light bulbs that adjust to your mood, the future seems to be right at our fingertips. What happens when these devices, designed to...
A vulnerability in the Kinetix 5500 servo system firmware allows an intruder to gain unauthorized access to the device.
The vulnerability in the Kinetix 5500 servo-controller firmware is related to deficiencies in access control. Exploiting this vulnerability could allow an intruder, operating locally, to gain unauthorized access to the device using network protocols like telnet or...
A vulnerability in the Modbus TCP protocol implementation in Schneider Electric Modicon programmable logic controllers allows an intruder to trigger a service failure.
The vulnerability in the Modbus TCP protocol implementation in Schneider Electric Modicon programmable logic controllers is related to insufficient checking of unusual or exceptional states. Exploiting this vulnerability could allow a malicious actor to cause malfunctions in the service operation...
Backdoor.Win32.Bushtrommel.122 MVID-2022-0629 Authentication Bypass
Discovery / credits: Malvuln John Page aka hyp3rlinx c 2022 Original source: https://malvuln.com/advisory/76c09bc82984c7f7ef55eb13018e0d87.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Bushtrommel.122 Vulnerability: Authentication Bypass Description: The malwa...
A vulnerability in the WMDLCDRV.ini driver of the software used for configuring SCADA systems such as MOSCAD/STS Toolbox and StarControls staRTU allows an intruder to gain unauthorized access to protected information.
The vulnerability of the wmdlcdrv.ini driver of the SCADA system software for MOSCAD/STS Toolbox and StarControls staRTU lies in the use of rigidly encrypted user credentials. Exploiting this vulnerability can allow an intruder to gain unauthorized access to protected information...
ROS-20220323-01
A vulnerability in the phpMyAdmin web interface for DBMS administration is related to the application's excessive output of data in the "lang" and "pmaparameter" parameters and in the cookie section. Exploitation of the vulnerabili...
Several Malicious Typosquatted Python Libraries Found On PyPI Repository
As many as eight Python packages that were downloaded more than 30,000 times have been removed from the PyPI portal for containing malicious code, once again highlighting how software package repositories are evolving into a popular target for supply chain attacks. "Lack of moderation and automat...
A vulnerability in Intel Ethernet I210 controller firmware, related to access control deficiencies, allows an intruder to trigger a service failure.
The vulnerability in Intel Ethernet I210 controller firmware is related to access control deficiencies. Exploiting this vulnerability can allow a malicious actor to cause service interruptions...
Frappe Authorization Issues Vulnerability
Frappe is a Python, MariaDB-based web development framework with integrated front-end pages from the Frappe team. A security vulnerability exists in Frappe two-factor authentication, which stems from the fact that the system also responds by sending a 2fa secret key during two-factor...
A vulnerability in Cisco Webex Meetings software, related to lack of access control, allows an intruder to connect to a password-protected meeting.
The vulnerability in Cisco Webex Meetings software is related to lack of access control. Exploiting this vulnerability allows a malicious actor to connect to a password-protected meeting by entering a known meeting ID or the URL address of the meeting through a mobile browser...
A vulnerability in the firmware for Surface Hub sensory displays, related to access control deficiencies, allows an intruder to gain access to settings that are only accessible to administrators.
The vulnerability in the firmware for Surface Hub sensory displays is related to access control deficiencies. Exploiting this vulnerability could allow an intruder to gain access to settings that are only accessible to administrators...