18 matches found
VulnCheck KEV: CVE-2024-12802
SSL-VPN MFA Bypass in SonicWALL SSL-VPN can arise in specific cases due to the separate handling of UPN User Principal Name and SAM Security Account Manager account names when integrated with Microsoft Active Directory, allowing MFA to be configured independently for each login method and...
EUVD-2020-26391
Malware in sbrugna...
EUVD-2020-26392
Malware in sbrugna...
EUVD-2021-7510
Malicious code in bioql PyPI...
CVE-2021-20051
SonicWall Global VPN Client 4.10.7.1117 installer 32-bit and 64-bit and earlier versions have a DLL Search Order Hijacking vulnerability in one of the installer components. Successful exploitation via a local attacker could result in command execution in the target system...
CVE-2020-5145
SonicWall Global VPN client version 4.10.4.0314 and earlier have an insecure library loading DLL hijacking vulnerability. Successful exploitation could lead to remote code execution in the target system...
Researchers Detail Emerging Cross-Platform BianLian Ransomware Attacks
.jpg The operators of the emerging cross-platform BianLian ransomware have increased their command-and-control C2 infrastructure this month, a development that alludes to an increase in the group's operational tempo. BianLian, written in the Go programming language, was first discovered in mid-Ju...
SonicWall SSLVPN 路径遍历漏洞
SonicWALL SSLVPN is a transparent software application for Windows and Linux users from SonicWALL USA. It enables remote users to securely connect to the corporate network. A path traversal vulnerability exists in SonicWall SSLVPN, which allows an authenticated attacker to read arbitrary files...
SonicWall SSLVPN 操作系统命令注入漏洞
SonicWALL SSLVPN is a transparent software application for Windows and Linux users from SonicWALL USA. It enables remote users to securely connect to the corporate network. An operating system command injection vulnerability exists in SonicWall SSLVPN and affects the following products and...
Wazawaka Goes Waka Waka
In January, KrebsOnSecurity examined clues left behind by "Wazawaka," the hacker handle chosen by a major ransomware criminal in the Russian-speaking cybercrime scene. Wazawaka has since "lost his mind" according to his erstwhile colleagues, creating a Twitter account to drop exploit code for a...
SMA 100 flaws in SonicWall VPN expose devices to remote takeover
By Waqas If exploited, an unauthenticated, remote attacker can execute code as a "nobody user" in the device meaning attacker would get root access and gain full control of the device. This is a post from HackRead.com Read the original post: SMA 100 flaws in SonicWall VPN expose devices to remote...
CVE-2020-5144
SonicWall Global VPN client version 4.10.4.0314 and earlier allows unprivileged windows user to elevate privileges to SYSTEM through loaded process hijacking vulnerability...
CVE-2020-5145
SonicWall Global VPN client version 4.10.4.0314 and earlier have an insecure library loading DLL hijacking vulnerability. Successful exploitation could lead to remote code execution in the target system...
SonicWall Global VPN client version 4.10.4.0314 and earlier allows privilege elevation through loaded process hijacking vulnerability
SonicWall Global VPN client version 4.10.4.0314 and earlier allows unprivileged windows user to elevate privileges to SYSTEM through loaded process hijacking vulnerability. CVE: CVE-2020-5144 Last updated: Oct. 28, 2020, 9:31 a.m...
SonicWALL SSL-VPN 'cgi-bin/welcome/VirtualOffice' Remote Format String Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/35145/info Multiple SonicWALL SSL-VPN devices are prone to a remote format-string vulnerability because they fail to properly sanitize user-supplied input before passing it as the format specifier to a formatted-printing...
SEC Consult SA-20090525-4 :: SonicOS Format String Vulnerability
SEC Consult Security Advisory 20090525-4 ========================================================================== title: SonicOS Format String Vulnerability program: SonicWALL Global VPN Client vulnerable version: PRO 4100 SonicOS 4.0.0.2-51e Standard and Enhanced possibly other versions...
CVE-2007-6273
Multiple format string vulnerabilities in the configuration file in SonicWALL GLobal VPN Client 3.1.556 and 4.0.0.810 allow user-assisted remote attackers to execute arbitrary code via format string specifiers in the 1 Hostname tag or the 2 name attribute in the Connection tag. NOTE: there might...
SonicWall VPN Detection
Binary data 3573.prm...