2290 matches found
SolarWinds Serv-U Managed File Transfer Web client Cross-Site Request Forgery Vulnerability
SolarWinds Serv-U Managed File Transfer (MFT) Web client is a file transfer client application from the American company SolarWinds. A cross-site request forgery vulnerability exists in the file upload feature of the SolarWinds Serv-U MFT Web client prior to version 15.1.6 Hotfix 2. An attacker can...
CVE-2019-12769
SolarWinds Serv-U Managed File Transfer (MFT) Web client before 15.1.6 Hotfix 2 is vulnerable to Cross-Site Request Forgery in the file upload functionality via ?Command=Upload with the Dir and File parameters...
Lock and Code S1Ep2: On the challenges of managed service providers
This week on Lock and Code, we discuss the top security headlines generated right here on Labs and around the Internet. In addition, we talk to two representatives from an Atlanta-based managed service provider—a manager of engineering services and a data center architect—about the daily challeng...
EulerOS Virtualization for ARM 64 3.0.2.0 : bind (EulerOS-SA-2020-1203)
According to the versions of the bind packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities: It was found that bind does not implement reasonable restrictions for zone sizes. This allows an explicitly configured...
Huawei EulerOS: Security Advisory for bind (EulerOS-SA-2020-1203)
The remote host is missing an update for the Huawei EulerOS...
Securing the MSP: best practices for vetting cybersecurity vendors
Ironically, to keep costs low for their enterprise and mid-market clients, managed service providers (MSPs) are some of the most reliant on third-party vendors—including those providing security. While this is generally not an indication of dysfunction or vulnerability, the responsible MSP will be...
managed-rehab.com Cross Site Scripting vulnerability
Open Bug Bounty ID: OBB-1115530. Security researcher geeknik (helped patch 8722 vulnerabilities, received 8 Coordinated Disclosure badges, received 20 recommendations), a holder of 8 badges for responsible and coordinated disclosure, found a security vulnerability affecting managed-rehab.com website...
Intel SGX and Processor Side Channel Data Leakage Vulnerabilities - Lenovo Support US
No description provided...
Why Businesses Should Consider Managed Cloud-Based WAF Protection
The City of Baltimore was under cyber-attack last year, with hackers demanding $76,000 in ransom. Though the city chose not to pay the ransom, the attack still cost them nearly $18 million in damages, and then the city signed up for a $20 million cyber insurance policy. It's very evident that...
Remote Code Execution (RCE)
ansible is vulnerable to remote code execution. The vulnerability exists because the package and service modules allow the ansible_facts['pkg_mgr'] and ansible_facts['service_mgr'] facts to be set to a module name such as ansible_collections.namespace.name./tmp/reverse-shell, allowing remote code execution on...
The vulnerability of the managed-keys function in the DNS BIND server allows an attacker to cause a service failure.
The vulnerability of the managed-keys function in the DNS BIND server is related to a key validation error, especially when an unsupported algorithm is used. Exploiting this vulnerability can allow a remote attacker to cause a service failure...
Why managed service providers (MSP) are critical for business continuity
With the threat landscape becoming more hostile to businesses, small- and medium-sized businesses (SMBs) are often finding it difficult to cope. Hence, they turn to managed service providers (MSPs) for help, not only to keep their businesses going—the concept known as business continuity—but also to...
CVE-2020-8824
Hitron CODA-4582U 7.1.1.30 devices allow XSS via a Managed Device name on the Wireless Access Control Add Managed Device screen...
Design/Logic Flaw
Hitron CODA-4582U 7.1.1.30 devices allow XSS via a Managed Device name on the Wireless Access Control Add Managed Device screen...
DEBIAN-CVE-2014-4967
Multiple argument injection vulnerabilities in Ansible before 1.6.7 allow remote attackers to execute arbitrary code by leveraging access to an Ansible managed host and providing a crafted fact, as demonstrated by a fact with (1) a trailing " src=" clause, (2) a trailing " temp=" clause, or (3) a...
Design/Logic Flaw
Multiple argument injection vulnerabilities in Ansible before 1.6.7 allow remote attackers to execute arbitrary code by leveraging access to an Ansible managed host and providing a crafted fact, as demonstrated by a fact with (1) a trailing " src=" clause, (2) a trailing " temp=" clause, or (3) a...
CVE-2014-4967
Multiple argument injection vulnerabilities in Ansible before 1.6.7 allow remote attackers to execute arbitrary code by leveraging access to an Ansible managed host and providing a crafted fact, as demonstrated by a fact with (1) a trailing " src=" clause, (2) a trailing " temp=" clause, or (3) a...