112 matches found
IPDevicePenTest
IPDevicePenTest Automated penetration testing framework for...
Lessons from Smart Switching: Rethinking Security and Performance
Microsegmentation built directly into the network infrastructure means that stronger network security no longer equals slower systems...
PT-2025-43547
Name of the Vulnerable Software and Affected Versions Captive Portal affected versions not specified Description A security issue exists in Captive Portal that may lead to the disclosure of sensitive information. The issue affects network infrastructure. Approximately 100 million devices worldwid...
EUVD-2013-5701
Malware in sbrugna...
EUVD-2018-0542
Malware in sbrugna...
EUVD-2023-30251
Malicious code in bioql PyPI...
The vulnerability of the Versa Director network infrastructure management software platform, related to the use of default credentials, allows a perpetrator to gain unauthorized access to the platform.
The vulnerability of the Versa Director network infrastructure management software platform is related to the use of default credentials. Exploiting this vulnerability could allow an attacker to gain unauthorized access to the platform remotely...
Year in Review: Key vulnerabilities, tools, and shifts in attacker email tactics
Over the next few weeks, we're breaking down the most critical sections of our 2024 Year in Review. This week, we examine the most frequently targeted vulnerabilities--particularly those affecting network infrastructure. We also detail a noticeable shift in adversary behavior, as threat actors mo...
Chinese Hackers Breach Juniper Networks Routers With Custom Backdoors and Rootkits
The China-nexus cyber espionage group tracked as UNC3886 has been observed targeting end-of-life MX Series routers from Juniper Networks as part of a campaign designed to deploy custom backdoors, highlighting their ability to focus on internal networking infrastructure. "The backdoors had varying...
The vulnerability of the SFTP module in the software for managing network infrastructure of SINEC INS allows a perpetrator to execute arbitrary code.
The vulnerability of the SFTP module in the SINEC INS software for managing network infrastructure is related to errors in file upload path cleaning. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
Siemens SINEC INS Using Hardcoded Encryption Keys Vulnerability
Siemens SINEC INS is a software from Siemens, Germany, that provides centralized services for network infrastructures. Siemens SINEC INS suffers from a use of hard-coded encryption key vulnerability that can be exploited by an attacker to learn the encryption key material and decrypt arbitrary...
Siemens SINEC INS 安全漏洞
Siemens SINEC INS is a software from Siemens, Germany, that provides centralized services for network infrastructures. Siemens SINEC INS suffers from a use of hard-coded encryption key vulnerability that can be exploited by an attacker to learn the encryption key material and decrypt arbitrary...
Toyota confirms customer and employee data stolen, says breach at third party to blame
Last week, a cybercriminal using the handle ZeroSevenGroup dumped 240GB of data on the infamous stolen data site BreachForums, that they said came from a hack on the US branch of car manufacturer Toyota. ZeroSevenGroup claims the dump includes customer and employee data. ZeroSevenGroup posted the...
CVE-2024-5328
A Server-Side Request Forgery SSRF vulnerability exists in the lunary-ai/lunary application, specifically within the endpoint '/auth/saml/tto/download-idp-xml'. The vulnerability arises due to the application's failure to validate user-supplied URLs before using them in server-side requests. An...
CVE-2024-5328
CVE-2024-5328 affects lunary-ai/lunary. The issue is a SSRF in the /auth/saml/tto/download-idp-xml endpoint where user-supplied URLs are not validated before being used in server-side requests. Consequences described include disclosure of sensitive information, potential service disruption, and t...
CVE-2024-34161
When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module and the network infrastructure supports a Maximum Transmission Unit MTU of 4096 or greater without fragmentation, undisclosed QUIC packets can cause NGINX worker processes to leak previously freed memory...
CVE-2024-34161
When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module and the network infrastructure supports a Maximum Transmission Unit MTU of 4096 or greater without fragmentation, undisclosed QUIC packets can cause NGINX worker processes to leak previously freed memory...
CVE-2024-34161
When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module and the network infrastructure supports a Maximum Transmission Unit MTU of 4096 or greater without fragmentation, undisclosed QUIC packets can cause NGINX worker processes to leak previously freed memory...
CVE-2024-34161 NGINX HTTP/3 QUIC vulnerability
When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module and the network infrastructure supports a Maximum Transmission Unit MTU of 4096 or greater without fragmentation, undisclosed QUIC packets can cause NGINX worker processes to leak previously freed memory...
CVE-2024-29008
CVE-2024-29008 concerns Apache CloudStack’s extraconfig (additional VM configuration) feature. In KVM environments, incorrect access control allows users who can deploy or modify VMs to configure extra VM settings even when the feature is disabled, enabling attachment of host devices (storage dis...