21 matches found
AI-Assisted Threat Actor Compromises 600+ FortiGate Devices in 55 Countries
A Russian-speaking, financially motivated threat actor has been observed taking advantage of commercial generative artificial intelligence AI services to compromise over 600 FortiGate devices located in 55 countries. That's according to new findings from Amazon Threat Intelligence, which said it...
EUVD-2022-53180
Malicious code in bioql PyPI...
Microsoft Defender for Cloud Management Port Exposure Confusion
Prior to March 9, 2023, Microsoft Defender for Cloud incorrectly marked some Azure virtual machines as having secured management ports including SSH port 22/TCP, RDP port 3389/TCP and WINRM port 5985/TCP, when in fact one or more of these ports were exposed to the internet. This occured when the...
CVE-2022-31789
An integer overflow in WatchGuard Firebox and XTM appliances allows an unauthenticated remote attacker to trigger a buffer overflow and potentially execute arbitrary code by sending a malicious request to exposed management ports. This is fixed in Fireware OS 12.8.1, 12.5.10, and 12.1.4...
CVE-2022-31789
An integer overflow in WatchGuard Firebox and XTM appliances allows an unauthenticated remote attacker to trigger a buffer overflow and potentially execute arbitrary code by sending a malicious request to exposed management ports. This is fixed in Fireware OS 12.8.1, 12.5.10, and 12.1.4...
CVE-2022-31792
A stored cross-site scripting XSS vulnerability exists in the management web interface of WatchGuard Firebox and XTM appliances. A remote attacker can potentially execute arbitrary JavaScript code in the management web interface by sending crafted requests to exposed management ports. This is fix...
CVE-2022-31789
An integer overflow in WatchGuard Firebox and XTM appliances allows an unauthenticated remote attacker to trigger a buffer overflow and potentially execute arbitrary code by sending a malicious request to exposed management ports. This is fixed in Fireware OS 12.8.1, 12.5.10, and 12.1.4...
Integer overflow
An integer overflow in WatchGuard Firebox and XTM appliances allows an unauthenticated remote attacker to trigger a buffer overflow and potentially execute arbitrary code by sending a malicious request to exposed management ports. This is fixed in Fireware OS 12.8.1, 12.5.10, and 12.1.4...
Cross site scripting
A stored cross-site scripting XSS vulnerability exists in the management web interface of WatchGuard Firebox and XTM appliances. A remote attacker can potentially execute arbitrary JavaScript code in the management web interface by sending crafted requests to exposed management ports. This is fix...
GHSA-CW54-59PW-4G8C Apache Tomcat Improper Access Control vulnerability
Remote code execution is possible with Apache Tomcat before 6.0.48, 7.x before 7.0.73, 8.x before 8.0.39, 8.5.x before 8.5.7, and 9.x before 9.0.0.M12 if JmxRemoteLifecycleListener is used and an attacker can reach JMX ports. The issue exists because this listener wasn't updated for consistency...
BSA-2017-443
Security Advisory ID : BSA-2017-443 Component : DHCP Revision : 1.0: Interim A resource-consumption flaw was discovered in the DHCP server. dhcpd did not restrict the number of open connections to OMAPI and failover ports. A remote attacker able to establish TCP connections to one of these ports...
The vulnerability of the Apache Tomcat application server allows a hacker to execute arbitrary code.
The vulnerability of the Apache Tomcat application server is related to access control deficiencies. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely, provided that the JmxRemoteLifecycleListener handler is used and the malicious actor gains access to the...
Design Vulnerabilities in Range Networks OpenBTS/OpenBTS-UMTS
Range Networks OpenBTS/OpenBTS-UMTS is software for analog protocol stacks for GSM networks. A design vulnerability exists in Range Networks OpenBTS/OpenBTS-UMTS. Because the device is exposed to external connections, an attacker could exploit this vulnerability to compromise the BTS transceiver...
Design Vulnerability in OsmoCOM Osmo-TRX/Osmo-BTS
Osmocom is a series of projects on open source mobile communications, including software tools for GSM, DECT, TETRA and other mobile communication standards. A design vulnerability exists in OsmoCOM Osmo-TRX/Osmo-BTS. Due to the exposure of the device to external connections, an attacker could...
Lenovo PowerV Firewall cli Command Execution Vulnerability
Lenovo PowerV Firewall is a firewall product independently developed by NetGuard. A remote command execution vulnerability exists in the Lenovo Power V Firewall due to a default password. Lenovo Power V series management services run on ports 22 and 23 by default, and provide management interface...
CVE-2013-3068
Cross-site request forgery CSRF vulnerability in apply.cgi in Linksys WRT310Nv2 2.0.0.1 allows remote attackers to hijack the authentication of administrators for requests that change passwords and modify remote management ports...
Cross site request forgery (csrf)
Cross-site request forgery CSRF vulnerability in apply.cgi in Linksys WRT310Nv2 2.0.0.1 allows remote attackers to hijack the authentication of administrators for requests that change passwords and modify remote management ports...
CVE-2013-3086
Cross-site request forgery CSRF vulnerability in utilsystem.html in Belkin N900 router allows remote attackers to hijack the authentication of administrators for requests that change configuration settings including passwords and remote management ports...
CVE-2013-3068
CVE-2013-3068 describes a cross-site request forgery (CSRF) in the Linksys WRT310Nv2 2.0.0.1 firmware, specifically targeting the apply.cgi endpoint. The vulnerability allows an attacker to hijack an administrator’s authenticated session to perform actions such as changing passwords and altering ...
CVE-2013-3068
Cross-site request forgery CSRF vulnerability in apply.cgi in Linksys WRT310Nv2 2.0.0.1 allows remote attackers to hijack the authentication of administrators for requests that change passwords and modify remote management ports...