7614 matches found
CISA, FBI, and CNMF Release Advisory on Multiple Nation-State Threat Actors Exploit CVE-2022-47966 and CVE-2022-42475
Today, CISA, Federal Bureau of Investigation FBI, and U.S. Cyber Command’s Cyber National Mission Force CNMF published a joint Cybersecurity Advisory CSA, Multiple Nation-State Threat Actors Exploit CVE-2022-47966 and CVE-2022-42475. This CSA provides information on an incident at an Aeronautical...
PT-2023-5296 · Unknown · Mod3Gp-Sy-120K
Name of the Vulnerable Software and Affected Versions: MOD3GP-SY-120K affected versions not specified Description: The web application of MOD3GP-SY-120K contains a persistent cross-site scripting XSS issue. This allows an authenticated remote attacker to inject an XSS payload into the MAIL RCV...
CVE-2023-41107
TEF portal 2023-07-17 is vulnerable to a persistent cross site scripting XSSattack...
Cross site scripting
TEF portal 2023-07-17 is vulnerable to a persistent cross site scripting XSSattack...
CVE-2023-41107
TEF portal 2023-07-17 is vulnerable to a persistent cross site scripting XSSattack...
CVE-2023-39370
StarTrinity Softswitch version 2023-02-16 - Persistent XSS CWE-79...
CVE-2023-39370
StarTrinity Softswitch version 2023-02-16 - Persistent XSS CWE-79...
Cross site scripting
StarTrinity Softswitch version 2023-02-16 - Persistent XSS CWE-79...
CVE-2023-39370 StarTrinity Softswitch version 2023-02-16 - Persistent XSS (CWE-79)
StarTrinity Softswitch version 2023-02-16 - Persistent XSS CWE-79...
CVE-2023-39370 StarTrinity Softswitch version 2023-02-16 - Persistent XSS (CWE-79)
StarTrinity Softswitch version 2023-02-16 - Persistent XSS CWE-79...
CVE-2023-39370
CVE-2023-39370 affects StarTrinity Softswitch, specifically version 2023-02-16, with a Persistent XSS vulnerability (CWE-79) in the web UI. Root cause is improper handling of user-supplied input leading to script injection. Documented impact includes confidentiality and integrity concerns (per CV...
PT-2023-26899 · Startrinity · Startrinity Softswitch
Name of the Vulnerable Software and Affected Versions: StarTrinity Softswitch version 2023-02-16 Description: The issue is related to a Persistent XSS CWE-79 in StarTrinity Softswitch. Recommendations: For StarTrinity Softswitch version 2023-02-16, at the moment, there is no information about a...
Malicious code in emon-testt (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware bc3e1ddd0c9bd0c6e361f9383435fa90d24ddfb9642622862818d1aecfe88d29 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in mmolecule-logger (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 6a6a1f18648beba2a8938064ff1661d516c95d8940377de4bcd2f938360b9588 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Earth Estries Targets Government, Tech for Cyberespionage
We break down a new cyberespionage campaign deployed by a cybercriminal group we named Earth Estries. Analyzing the tactics, techniques, and procedures TTPs employed, we observed overlaps with the advanced persistent threat APT group FamousSparrow as Earth Estries targets governments and...
CVE-2023-23773
Motorola EBTS/MBTS Base Radio fails to check firmware authenticity. The Motorola MBTS Base Radio lacks cryptographic signature validation for firmware update packages, allowing an authenticated attacker to gain arbitrary code execution, extract secret key material, and/or leave a persistent impla...
CVE-2023-23773
Motorola EBTS/MBTS Base Radio fails to check firmware authenticity. The Motorola MBTS Base Radio lacks cryptographic signature validation for firmware update packages, allowing an authenticated attacker to gain arbitrary code execution, extract secret key material, and/or leave a persistent impla...
CVE-2023-23772
Motorola MBTS Site Controller fails to check firmware update authenticity. The Motorola MBTS Site Controller lacks cryptographic signature validation for firmware update packages, allowing an authenticated attacker to gain arbitrary code execution, extract secret key material, and/or leave a...
Input validation
Motorola MBTS Site Controller fails to check firmware update authenticity. The Motorola MBTS Site Controller lacks cryptographic signature validation for firmware update packages, allowing an authenticated attacker to gain arbitrary code execution, extract secret key material, and/or leave a...
CVE-2023-23772
Motorola MBTS Site Controller fails to check firmware update authenticity. The Motorola MBTS Site Controller lacks cryptographic signature validation for firmware update packages, allowing an authenticated attacker to gain arbitrary code execution, extract secret key material, and/or leave a...