263 matches found
CVE-2021-31160
Zoho ManageEngine ServiceDesk Plus MSP before 10521 allows an attacker to access internal data...
A week in security (March 17 – March 23)
Last week on Malwarebytes Labs: What Google Chrome knows about you, with Carey Parker Lock and Code S06E06 Personal data revealed in released JFK files Semrush impersonation scam hits Google Ads Targeted spyware and why it’s a concern to us The "free money" trap: How scammers exploit financial...
CVE-2024-50053
Zohocorp ManageEngine ServiceDesk Plus versions below 14920 , ServiceDesk Plus MSP and SupportCentre Plus versions below 14910 are vulnerable to Stored XSS in the task feature...
The vulnerability of the msp_info_htm() function in D-Link DI-8200 router microprogramming software allows a hacker to execute arbitrary commands.
The vulnerability of the mspinfohtm function in D-Link DI-8200 router microprogramming software is related to the execution of operations outside the buffer during the processing of the flag and cmd parameters. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...
DMARC for PCI DSS 4.0: A Good Practice for Securing Emails
PCI DSS 4.0 encourages the implementation of anti-phishing controls like DMARC! This highlights and reinforces the importance of preventative measures against email fraud, domain spoofing, and phishing in the financial space. While not a mandate or a requirement for PCI DSS compliance, DMARC and...
CVE-2024-6748
Zohocorp ManageEngine OpManager, OpManager Plus, OpManager MSP and RMM versions 128317 and below are vulnerable to authenticated SQL injection in the URL monitoring...
The vulnerability of the msp_info_htm function in D-Link DI-8400 router microprogramming software allows a hacker to execute arbitrary commands.
The vulnerability of the mspinfohtm function in D-Link DI-8400 router microprogramming software is related to the lack of measures taken to neutralize special elements used in commands. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands when processing the flag a...
CVE-2024-51151
D-Link DI-8200 16.07.26A1 is vulnerable to remote command execution in the mspinfohtm function via the flag parameter and cmd parameter...
D-Link DI-8200 安全漏洞
The D-Link DI-8200 is an enterprise router from China-based AUO D-Link. The D-Link DI-8200 suffers from a command injection vulnerability that stems from a remote command execution vulnerability in the flag parameter and cmd parameter of the mspinfohtm function. No details of the vulnerability ar...
D-Link DI-8400 安全漏洞
The D-LINK DI-8400 is an American D-Link router device for home and small business network connectivity. Multiple remote command execution vulnerabilities exist in the mspinfohtm function in the D-LINK DI-8400 version v16.07.26A1 via the flag and cmd parameters. A remote attacker can exploit this...
PT-2024-8579 · D Link · D-Link Di-8400
Name of the Vulnerable Software and Affected Versions: D-LINK DI-8400 version 16.07.26A1 Description: The issue is related to the msp info htm function in the D-LINK DI-8400 router's firmware, which does not properly neutralize special elements used in a command. This can be exploited by a remote...
The vulnerability of the ManageEngine Endpoint Central MSP, a software solution for remote monitoring and management of desktop PCs, servers, laptops, and mobile devices, stems from insecure privilege management. This allows attackers to delete any files they desire.
The vulnerability of the ManageEngine Endpoint Central MSP, a software solution for remote monitoring and management of desktop PCs, servers, laptops, and mobile devices, lies in the insecure management of privileges. Exploiting this vulnerability could allow an attacker to delete any files they...
The NAKIVO Backup Solution for MSPs: Data Protection for VMware, Microsoft 365, Proxmox and More
Explore the features of the NAKIVO MSP backup solution. Choose one of the best MSP backup software to…...
The vulnerability of the msp_info_htm function in D-Link DI-8300 router microprogramming software allows a hacker to execute arbitrary commands.
The vulnerability of the mspinfohtm function in D-Link DI-8300 router microprogramming software is related to incorrect code generation. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands using the GET request...
PT-2024-6374 · D Link · D-Link Di-8300
Name of the Vulnerable Software and Affected Versions: D-Link DI-8300 version 16.07.26A1 Description: The issue is related to the msp info htm function in the D-Link DI-8300 router's firmware, which is vulnerable to command injection. This vulnerability can be exploited by a remote attacker to...
CVE-2024-44402
D-Link DI-8100G 17.12.20A1 is vulnerable to Command Injection via mspinfo.htm...
WAYOS FBM-291W 安全漏洞
WAYOS FBM-291W is a wireless router from WAYOS. A security vulnerability exists in WAYOS FBM-291W version v19.09.11. An attacker can exploit the vulnerability to execute commands via mspinfohtm...
D-Link DI_8004W msp_info_htm Function Command Execution Vulnerability
D-Link DI8004W is an Internet Behavior Management router designed for small and medium-sized businesses by AUO, supporting 40-50 devices to access the network at the same time. The D-Link DI8004W suffers from a command execution vulnerability that stems from the inclusion of the jhttpd mspinfohtm...
CVE-2024-41150
An Stored Cross-site Scripting vulnerability in request module affects Zohocorp ManageEngine ServiceDesk Plus, ServiceDesk Plus MSP and SupportCenter Plus.This issue affects ServiceDesk Plus versions: through 14810; ServiceDesk Plus MSP: through 14800; SupportCenter Plus: through 14800...
CVE-2024-41150
An Stored Cross-site Scripting vulnerability in request module affects Zohocorp ManageEngine ServiceDesk Plus, ServiceDesk Plus MSP and SupportCenter Plus.This issue affects ServiceDesk Plus versions: through 14810; ServiceDesk Plus MSP: through 14800; SupportCenter Plus: through 14800...