32 matches found
CVE-2023-38293
CVE-2023-38293 concerns Nokia C200/C100 devices with a pre-installed com.tracfone.tfstatus app. It allows local third-party apps to inject and execute arbitrary AT commands in the radio context by exploiting two input/injection techniques via a broadcast to com.tracfone.tfstatus/.TFStatus, with n...
CVE-2023-38294
Certain software builds for the Itel Vision 3 Turbo Android device contain a vulnerable pre-installed app with a package name of com.transsion.autotest.factory versionCode='7', versionName='1.8.02203101027' that allows local third-party apps to execute arbitrary shell commands in its context syst...
Osprey Pump Controller 1.0.1 - Cross-Site Request Forgery
!-- Exploit Title: Osprey Pump Controller 1.0.1 - Cross-Site Request Forgery Exploit Author: LiquidWorm Vendor: ProPump and Controls, Inc. Product web page: https://www.propumpservice.com | https://www.pumpstationparts.com Affected version: Software Build ID 20211018, Production 10/18/2021 Mirage...
SolarWinds Blames Intern for 'solarwinds123' Password Lapse
As cybersecurity researchers continue to piece together the sprawling SolarWinds supply chain attack, top executives of the Texas-based software services firm blamed an intern for a critical password lapse that went unnoticed for several years. The said password "solarwinds123" was originally...
Injecting a Backdoor into SolarWinds Orion
Crowdstrike is reporting on a sophisticated piece of malware that was able to inject malware into the SolarWinds build process: Key Points SUNSPOT is StellarParticles malware used to insert the SUNBURST backdoor into software builds of the SolarWinds Orion IT management product. SUNSPOT monitors...
Unveiled: SUNSPOT Malware Was Used to Inject SolarWinds Backdoor
As the investigation into the SolarWinds supply-chain attack continues, cybersecurity researchers have disclosed a third malware strain that was deployed into the build environment to inject the backdoor into the company's Orion network monitoring platform. Called "Sunspot," the malignant tool ad...
New Evidence Suggests SolarWinds' Codebase Was Hacked to Inject Backdoor
The investigation into how the attackers managed to compromise SolarWinds' internal network and poison the company's software updates is still underway, but we may be one step closer to understanding what appears to be a very meticulously planned and highly-sophisticated supply chain attack. A ne...
SDWAN: NITRO API command to export configuration
How to export SDWAN configuration through NITRO API ? Please use the below command to export SDWAN configuration through NITRO API: NOTE: The configuration export NITRO API command is available only from 10.2 build. First login to SDWAN device through NITRO API using below command .Then Export th...
SUSE-SU-2017:1311-1 Security update for mariadb
This update for mariadb fixes the following issues: - update to MariaDB 10.0.30 GA notable changes: XtraDB updated to 5.6.35-80.0 TokuDB updated to 5.6.35-80.0 PCRE updated to 8.40 MDEV-11027: better InnoDB crash recovery progress reporting MDEV-11520: improvements to how InnoDB data files are...
BroadWin WebAccess Version Detection
Detection of BroadWin WebAccess. The script sends a connection request to the server and attempts to extract the version number from the reply. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective righ...
Advantech WebAccess Version Detection (HTTP)
Detection of Advantech WebAccess. The script sends a connection request to the server and attempts to extract the version number from the reply. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective rig...
cheyenne.InocuLAN.passwd.txt
Date: Fri, 5 Mar 1999 12:19:59 -0800 From: JEK To: [email protected] Subject: Cheyenne InocuLAN for Exchange plain text password still there This dates back to Ron Watkins' post on 12/16/98 regarding the plain text account name/password left in the exchverify.log file by the...