Lucene search
K

21 matches found

The Hacker News
The Hacker News
added 2026/02/21 2:49 p.m.23 views

AI-Assisted Threat Actor Compromises 600+ FortiGate Devices in 55 Countries

A Russian-speaking, financially motivated threat actor has been observed taking advantage of commercial generative artificial intelligence AI services to compromise over 600 FortiGate devices located in 55 countries. That's according to new findings from Amazon Threat Intelligence, which said it...

9.8CVSS9.1AI score0.88193EPSS
Exploits7
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2022-53180

Malicious code in bioql PyPI...

9.8CVSS9.2AI score0.01461EPSS
Exploits0References1
Rapid7 Blog
Rapid7 Blog
added 2023/03/14 7:20 p.m.18 views

Microsoft Defender for Cloud Management Port Exposure Confusion

Prior to March 9, 2023, Microsoft Defender for Cloud incorrectly marked some Azure virtual machines as having secured management ports including SSH port 22/TCP, RDP port 3389/TCP and WINRM port 5985/TCP, when in fact one or more of these ports were exposed to the internet. This occured when the...

6.9AI score
Exploits0
OSV
OSV
added 2022/09/06 7:15 p.m.4 views

CVE-2022-31792

A stored cross-site scripting XSS vulnerability exists in the management web interface of WatchGuard Firebox and XTM appliances. A remote attacker can potentially execute arbitrary JavaScript code in the management web interface by sending crafted requests to exposed management ports. This is fix...

5.4CVSS6AI score0.00484EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2022/09/06 7:15 p.m.4 views

CVE-2022-31789

An integer overflow in WatchGuard Firebox and XTM appliances allows an unauthenticated remote attacker to trigger a buffer overflow and potentially execute arbitrary code by sending a malicious request to exposed management ports. This is fixed in Fireware OS 12.8.1, 12.5.10, and 12.1.4...

9.8CVSS6.5AI score0.01461EPSS
Exploits0References2
NVD
NVD
added 2022/09/06 7:15 p.m.26 views

CVE-2022-31789

An integer overflow in WatchGuard Firebox and XTM appliances allows an unauthenticated remote attacker to trigger a buffer overflow and potentially execute arbitrary code by sending a malicious request to exposed management ports. This is fixed in Fireware OS 12.8.1, 12.5.10, and 12.1.4...

9.8CVSS0.01461EPSS
Exploits0References1
OSV
OSV
added 2022/09/06 7:15 p.m.4 views

CVE-2022-31789

An integer overflow in WatchGuard Firebox and XTM appliances allows an unauthenticated remote attacker to trigger a buffer overflow and potentially execute arbitrary code by sending a malicious request to exposed management ports. This is fixed in Fireware OS 12.8.1, 12.5.10, and 12.1.4...

9.8CVSS6.4AI score0.01461EPSS
Exploits0References1
Prion
Prion
added 2022/09/06 7:15 p.m.18 views

Integer overflow

An integer overflow in WatchGuard Firebox and XTM appliances allows an unauthenticated remote attacker to trigger a buffer overflow and potentially execute arbitrary code by sending a malicious request to exposed management ports. This is fixed in Fireware OS 12.8.1, 12.5.10, and 12.1.4...

7.5CVSS9.8AI score0.01461EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2022/09/06 7:15 p.m.22 views

Cross site scripting

A stored cross-site scripting XSS vulnerability exists in the management web interface of WatchGuard Firebox and XTM appliances. A remote attacker can potentially execute arbitrary JavaScript code in the management web interface by sending crafted requests to exposed management ports. This is fix...

4.9CVSS5.3AI score0.00484EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2022/05/13 1:14 a.m.3 views

GHSA-CW54-59PW-4G8C Apache Tomcat Improper Access Control vulnerability

Remote code execution is possible with Apache Tomcat before 6.0.48, 7.x before 7.0.73, 8.x before 8.0.39, 8.5.x before 8.5.7, and 9.x before 9.0.0.M12 if JmxRemoteLifecycleListener is used and an attacker can reach JMX ports. The issue exists because this listener wasn't updated for consistency...

9.8CVSS7.5AI score0.90338EPSS
Exploits1References60
Broadcom
Broadcom
added 2017/09/29 12:0 a.m.8 views

BSA-2017-443

Security Advisory ID : BSA-2017-443 Component : DHCP Revision : 1.0: Interim A resource-consumption flaw was discovered in the DHCP server. dhcpd did not restrict the number of open connections to OMAPI and failover ports. A remote attacker able to establish TCP connections to one of these ports...

7.1CVSS7AI score0.73622EPSS
Exploits0
BDU FSTEC
BDU FSTEC
added 2017/06/30 12:0 a.m.5 views

The vulnerability of the Apache Tomcat application server allows a hacker to execute arbitrary code.

The vulnerability of the Apache Tomcat application server is related to access control deficiencies. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely, provided that the JmxRemoteLifecycleListener handler is used and the malicious actor gains access to the...

7.5CVSS7.3AI score0.90338EPSS
Exploits1References12Affected Software1
CNVD
CNVD
added 2016/08/25 12:0 a.m.2 views

Design Vulnerabilities in Range Networks OpenBTS/OpenBTS-UMTS

Range Networks OpenBTS/OpenBTS-UMTS is software for analog protocol stacks for GSM networks. A design vulnerability exists in Range Networks OpenBTS/OpenBTS-UMTS. Because the device is exposed to external connections, an attacker could exploit this vulnerability to compromise the BTS transceiver...

6.7AI score
Exploits0References1
CNVD
CNVD
added 2016/08/25 12:0 a.m.1 views

Design Vulnerability in OsmoCOM Osmo-TRX/Osmo-BTS

Osmocom is a series of projects on open source mobile communications, including software tools for GSM, DECT, TETRA and other mobile communication standards. A design vulnerability exists in OsmoCOM Osmo-TRX/Osmo-BTS. Due to the exposure of the device to external connections, an attacker could...

6.6AI score
Exploits0References1
CNVD
CNVD
added 2016/08/15 12:0 a.m.0 views

Lenovo PowerV Firewall cli Command Execution Vulnerability

Lenovo PowerV Firewall is a firewall product independently developed by NetGuard. A remote command execution vulnerability exists in the Lenovo Power V Firewall due to a default password. Lenovo Power V series management services run on ports 22 and 23 by default, and provide management interface...

7.7AI score
Exploits0
NVD
NVD
added 2014/09/29 10:55 p.m.20 views

CVE-2013-3068

Cross-site request forgery CSRF vulnerability in apply.cgi in Linksys WRT310Nv2 2.0.0.1 allows remote attackers to hijack the authentication of administrators for requests that change passwords and modify remote management ports...

6.8CVSS7.1AI score0.00612EPSS
Exploits3References2
Prion
Prion
added 2014/09/29 10:55 p.m.10 views

Cross site request forgery (csrf)

Cross-site request forgery CSRF vulnerability in apply.cgi in Linksys WRT310Nv2 2.0.0.1 allows remote attackers to hijack the authentication of administrators for requests that change passwords and modify remote management ports...

6.8CVSS7.6AI score0.00612EPSS
Exploits3References2Affected Software2
Cvelist
Cvelist
added 2014/09/29 10:0 p.m.24 views

CVE-2013-3086

Cross-site request forgery CSRF vulnerability in utilsystem.html in Belkin N900 router allows remote attackers to hijack the authentication of administrators for requests that change configuration settings including passwords and remote management ports...

7.1AI score0.00612EPSS
Exploits1References2
CVE
CVE
added 2014/09/29 10:0 p.m.32 views

CVE-2013-3068

CVE-2013-3068 describes a cross-site request forgery (CSRF) in the Linksys WRT310Nv2 2.0.0.1 firmware, specifically targeting the apply.cgi endpoint. The vulnerability allows an attacker to hijack an administrator’s authenticated session to perform actions such as changing passwords and altering ...

6.8CVSS7.3AI score0.00612EPSS
Exploits3References2Affected Software2
Cvelist
Cvelist
added 2014/09/29 10:0 p.m.27 views

CVE-2013-3068

Cross-site request forgery CSRF vulnerability in apply.cgi in Linksys WRT310Nv2 2.0.0.1 allows remote attackers to hijack the authentication of administrators for requests that change passwords and modify remote management ports...

7.1AI score0.00612EPSS
Exploits3References2
Rows per page
Query Builder