Lucene search
K

263 matches found

RedhatCVE
RedhatCVE
added 2025/05/22 8:51 p.m.10 views

CVE-2021-31160

Zoho ManageEngine ServiceDesk Plus MSP before 10521 allows an attacker to access internal data...

7.5CVSS6.9AI score0.03517EPSS
Exploits0References1
Malwarebytes
Malwarebytes
added 2025/03/24 8:22 a.m.22 views

A week in security (March 17 – March 23)

Last week on Malwarebytes Labs: What Google Chrome knows about you, with Carey Parker Lock and Code S06E06 Personal data revealed in released JFK files Semrush impersonation scam hits Google Ads Targeted spyware and why it’s a concern to us The "free money" trap: How scammers exploit financial...

7.2AI score
Exploits0
OSV
OSV
added 2025/03/21 6:15 a.m.5 views

CVE-2024-50053

Zohocorp ManageEngine ServiceDesk Plus versions below 14920 , ServiceDesk Plus MSP and SupportCentre Plus versions below 14910 are vulnerable to Stored XSS in the task feature...

5.4CVSS5.8AI score0.01033EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2025/03/05 12:0 a.m.5 views

The vulnerability of the msp_info_htm() function in D-Link DI-8200 router microprogramming software allows a hacker to execute arbitrary commands.

The vulnerability of the mspinfohtm function in D-Link DI-8200 router microprogramming software is related to the execution of operations outside the buffer during the processing of the flag and cmd parameters. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...

10CVSS6.3AI score0.29695EPSS
Exploits1References3Affected Software1
The Hacker News
The Hacker News
added 2025/02/20 11:30 a.m.6 views

DMARC for PCI DSS 4.0: A Good Practice for Securing Emails

PCI DSS 4.0 encourages the implementation of anti-phishing controls like DMARC! This highlights and reinforces the importance of preventative measures against email fraud, domain spoofing, and phishing in the financial space. While not a mandate or a requirement for PCI DSS compliance, DMARC and...

7.3AI score
Exploits0
RedhatCVE
RedhatCVE
added 2025/02/05 3:2 a.m.7 views

CVE-2024-6748

Zohocorp ManageEngine OpManager, OpManager Plus, OpManager MSP and RMM versions 128317 and below are vulnerable to authenticated SQL injection in the URL monitoring...

8.3CVSS7.9AI score0.23784EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2024/11/22 12:0 a.m.6 views

The vulnerability of the msp_info_htm function in D-Link DI-8400 router microprogramming software allows a hacker to execute arbitrary commands.

The vulnerability of the mspinfohtm function in D-Link DI-8400 router microprogramming software is related to the lack of measures taken to neutralize special elements used in commands. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands when processing the flag a...

9CVSS5.9AI score0.09139EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2024/11/21 9:45 a.m.4 views

CVE-2024-51151

D-Link DI-8200 16.07.26A1 is vulnerable to remote command execution in the mspinfohtm function via the flag parameter and cmd parameter...

9.8CVSS5.9AI score0.29695EPSS
Exploits1References1
CNNVD
CNNVD
added 2024/11/21 12:0 a.m.5 views

D-Link DI-8200 安全漏洞

The D-Link DI-8200 is an enterprise router from China-based AUO D-Link. The D-Link DI-8200 suffers from a command injection vulnerability that stems from a remote command execution vulnerability in the flag parameter and cmd parameter of the mspinfohtm function. No details of the vulnerability ar...

9.8CVSS7.9AI score0.29695EPSS
Exploits1References1
CNNVD
CNNVD
added 2024/11/20 12:0 a.m.4 views

D-Link DI-8400 安全漏洞

The D-LINK DI-8400 is an American D-Link router device for home and small business network connectivity. Multiple remote command execution vulnerabilities exist in the mspinfohtm function in the D-LINK DI-8400 version v16.07.26A1 via the flag and cmd parameters. A remote attacker can exploit this...

8CVSS7.9AI score0.09139EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2024/11/20 12:0 a.m.7 views

PT-2024-8579 · D Link · D-Link Di-8400

Name of the Vulnerable Software and Affected Versions: D-LINK DI-8400 version 16.07.26A1 Description: The issue is related to the msp info htm function in the D-LINK DI-8400 router's firmware, which does not properly neutralize special elements used in a command. This can be exploited by a remote...

9CVSS7.9AI score0.09139EPSS
Exploits1References8
BDU FSTEC
BDU FSTEC
added 2024/11/14 12:0 a.m.6 views

The vulnerability of the ManageEngine Endpoint Central MSP, a software solution for remote monitoring and management of desktop PCs, servers, laptops, and mobile devices, stems from insecure privilege management. This allows attackers to delete any files they desire.

The vulnerability of the ManageEngine Endpoint Central MSP, a software solution for remote monitoring and management of desktop PCs, servers, laptops, and mobile devices, lies in the insecure management of privileges. Exploiting this vulnerability could allow an attacker to delete any files they...

7CVSS5.5AI score0.00316EPSS
Exploits0References3Affected Software1
HackRead
HackRead
added 2024/11/04 12:26 a.m.8 views

The NAKIVO Backup Solution for MSPs: Data Protection for VMware, Microsoft 365, Proxmox and More

Explore the features of the NAKIVO MSP backup solution. Choose one of the best MSP backup software to…...

7.4AI score
Exploits0
BDU FSTEC
BDU FSTEC
added 2024/09/24 12:0 a.m.5 views

The vulnerability of the msp_info_htm function in D-Link DI-8300 router microprogramming software allows a hacker to execute arbitrary commands.

The vulnerability of the mspinfohtm function in D-Link DI-8300 router microprogramming software is related to incorrect code generation. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands using the GET request...

10CVSS6AI score0.03742EPSS
Exploits1References4Affected Software1
Positive Technologies
Positive Technologies
added 2024/09/08 12:0 a.m.3 views

PT-2024-6374 · D Link · D-Link Di-8300

Name of the Vulnerable Software and Affected Versions: D-Link DI-8300 version 16.07.26A1 Description: The issue is related to the msp info htm function in the D-Link DI-8300 router's firmware, which is vulnerable to command injection. This vulnerability can be exploited by a remote attacker to...

9.8CVSS8.6AI score0.03742EPSS
Exploits1References10
OSV
OSV
added 2024/09/06 4:15 p.m.3 views

CVE-2024-44402

D-Link DI-8100G 17.12.20A1 is vulnerable to Command Injection via mspinfo.htm...

9.8CVSS5.8AI score0.03116EPSS
Exploits1References2
CNNVD
CNNVD
added 2024/09/04 12:0 a.m.6 views

WAYOS FBM-291W 安全漏洞

WAYOS FBM-291W is a wireless router from WAYOS. A security vulnerability exists in WAYOS FBM-291W version v19.09.11. An attacker can exploit the vulnerability to execute commands via mspinfohtm...

8CVSS7.2AI score0.00528EPSS
Exploits1References2
CNVD
CNVD
added 2024/08/29 12:0 a.m.2 views

D-Link DI_8004W msp_info_htm Function Command Execution Vulnerability

D-Link DI8004W is an Internet Behavior Management router designed for small and medium-sized businesses by AUO, supporting 40-50 devices to access the network at the same time. The D-Link DI8004W suffers from a command execution vulnerability that stems from the inclusion of the jhttpd mspinfohtm...

9.8CVSS7.5AI score0.01378EPSS
Exploits1References1
NVD
NVD
added 2024/08/23 3:15 p.m.45 views

CVE-2024-41150

An Stored Cross-site Scripting vulnerability in request module affects Zohocorp ManageEngine ServiceDesk Plus, ServiceDesk Plus MSP and SupportCenter Plus.This issue affects ServiceDesk Plus versions: through 14810; ServiceDesk Plus MSP: through 14800; SupportCenter Plus: through 14800...

6.3CVSS0.01202EPSS
Exploits0References1
OSV
OSV
added 2024/08/23 3:15 p.m.3 views

CVE-2024-41150

An Stored Cross-site Scripting vulnerability in request module affects Zohocorp ManageEngine ServiceDesk Plus, ServiceDesk Plus MSP and SupportCenter Plus.This issue affects ServiceDesk Plus versions: through 14810; ServiceDesk Plus MSP: through 14800; SupportCenter Plus: through 14800...

6.1CVSS5.8AI score0.01202EPSS
Exploits0References1
Rows per page
Query Builder