30 matches found
CVE-2020-28998
An issue was discovered on Geeni GNC-CW013 doorbell 1.8.1 devices. A vulnerability exists in the Telnet service that allows a remote attacker to take full control of the device with a high-privileged account. The vulnerability exists because a system account has a default and static password...
Samba Releases Security Updates
The Samba Team has released security updates to address vulnerabilities in multiple versions of Samba. A remote attacker could exploit one of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the following Samba Security Announcements...
BazaCall: Phony call centers lead to exfiltration and ransomware
Our continued investigation into BazaCall campaigns, those that use fraudulent call centers that trick unsuspecting users into downloading the BazaLoader malware, shows that this threat is more dangerous than what’s been discussed publicly in other security blogs and covered by the media. Apart...
BazaCall: Phony call centers lead to exfiltration and ransomware
Our continued investigation into BazaCall campaigns, those that use fraudulent call centers that trick unsuspecting users into downloading the BazaLoader malware, shows that this threat is more dangerous than what’s been discussed publicly in other security blogs and covered by the media. Apart...
Server-Side Request Forgery (SSRF)
unoconv is vulnerable to server-side request forgery SSRF. The vulnerability exists because it does not validate the user supplied input pathnames, allowing a remote attacker to have full or partial control of the request to be executed in the context of the server process worker...
CVE-2019-7617
When the Elastic APM agent for Python versions before 5.1.0 is run as a CGI script, there is a variable name clash flaw if a remote attacker can control the proxy header. This could result in an attacker redirecting collected APM data to a proxy of their choosing...
CVE-2017-17310
Electronic Numbers to URI Mapping ENUM module in some Huawei products DP300 V500R002C00, RP200 V600R006C00, TE30 V100R001C10, V500R002C00, V600R006C00, TE40 V500R002C00, V600R006C00, TE50 V500R002C00, V600R006C00, TE60 V100R001C10, V500R002C00, V600R006C00 have a buffer error vulnerability. An...
Cisco Releases Security Updates
Cisco has released updates to address several vulnerabilities affecting multiple products. A remote attacker could exploit one of these vulnerabilities to take control of an affected system. Users and administrators are encouraged to review the following Cisco Security Advisories and apply the...
Adobe Releases Security Updates
Adobe has released security updates to address vulnerabilities in Adobe Acrobat, Reader, and Flash Player. Exploitation of some of these vulnerabilities may allow a remote attacker to take control of an affected system. US-CERT encourages users and administrators to review Adobe Security Bulletin...
Cisco Releases Security Updates
Cisco has released security updates to address vulnerabilities in multiple products. Exploitation of one of these vulnerabilities could allow a remote attacker to take control of an affected device. Users and administrators are encouraged to review the following Cisco Security Advisories and appl...
Adobe Releases Security Updates for Reader, Acrobat, and Flash Player
Adobe has released security updates to address multiple vulnerabilities in Reader, Acrobat, and Flash Player. Exploitation of some of these vulnerabilities may allow a remote attacker to take control of an affected system. Users and administrators are encouraged to review Adobe Security Bulletins...
Internet Explorer Heap Spray Shell Code Execution (MS06-055 MS06-067; CVE-2006-4446; CVE-2006-4777; CVE-2006-4868; CVE-2009-2991)
Heap spraying is a new and increasingly popular technique to exploit vulnerabilities in Internet browsers. Heap spraying is used by attackers to implant a shell code on a target system. Shell code is a piece of executable code that opens a command shell that the attacker can control remotely...
Security Update for Windows Embedded Standard 7 (KB2758857)
A security issue has been identified that could allow an unauthenticated remote attacker to compromise your system and gain control over it. You can help protect your system by installing this update from Microsoft. After you install this update, you may have to restart your system...
Security Update for Windows Server 2003 x64 Edition (KB975254)
A security issue has been identified that could allow an authenticated remote attacker to compromise your system and gain control over it. You can help protect your system by installing this update from Microsoft. After you install this update, you may have to restart your system...
Security Update for Windows Server 2003 (KB2584146)
A security issue has been identified that could allow an unauthenticated remote attacker to compromise your system and gain control over it. You can help protect your system by installing this update from Microsoft. After you install this update, you may have to restart your system...
Security Update for Windows Server 2008 x64 Edition (KB2631813)
A security issue has been identified that could allow an unauthenticated remote attacker to compromise your system and gain control over it. You can help protect your system by installing this update from Microsoft. After you install this update, you may have to restart your system...
Security Update for Windows Server 2003 x64 Edition (KB972554)
A security issue has been identified that could allow an unauthenticated remote attacker to compromise your system and gain control over it. You can help protect your system by installing this update from Microsoft. After you install this update, you may have to restart your system...
Security Update for Windows Vista (KB2698365)
A security issue has been identified that could allow an unauthenticated remote attacker to compromise your system and gain control over it. You can help protect your system by installing this update from Microsoft. After you install this update, you may have to restart your system...
Security Update for Microsoft .NET Framework 2.0 SP2 on Windows Vista SP2 and Windows Server 2008 SP2 x86 (KB2656374)
A security issue has been identified that could allow an authenticated remote attacker to compromise your system and gain control over it. You can help protect your system by installing this update from Microsoft. After you install this update, you may have to restart your system...
Security Update for Windows Embedded Standard 7 for x64-based Systems (KB2579686)
A security issue has been identified that could allow an unauthenticated remote attacker to compromise your system and gain control over it. You can help protect your system by installing this update from Microsoft. After you install this update, you may have to restart your system...