Lucene search
K

14901 matches found

Hacker One
Hacker One
added 2021/07/16 10:17 a.m.101 views

Ian Dunn: Multiple server ssh usernames leaked in your github repository

hi security team,while searching on github,I have found multiple ssh usernames that belongs to your organization are exposed in the organization github repository STEPS TO REPRODUCE:- 1.Go to this repository. you will see the leaked multiple server ssh usernames...

7.2AI score
Exploits0
CNVD
CNVD
added 2021/07/16 12:0 a.m.21 views

Advantech R-SeeNet Cross-Site Scripting Vulnerability (CNVD-2021-92259)

Advantech R-SeeNet is an industrial monitoring software from Advantech, Taiwan, China. The software is based on the snmp protocol for monitoring platforms and is available for Linux and Windows platforms.A cross-site scripting vulnerability exists in Advantech R-SeeNet. The vulnerability stems fr...

9.6CVSS4.1AI score0.14115EPSS
Exploits1References1
OpenVAS
OpenVAS
added 2021/07/16 12:0 a.m.12 views

Western Digital My Cloud Multiple Products 5.0 < 5.15.106 Unauthorized Access Vulnerability (WDC-21009)

Multiple Western Digital My Cloud products are prone to a vulnerability that could allow unauthorized access via SSH. Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders...

4.3CVSS5.2AI score0.9986EPSS
Exploits1References2
CNNVD
CNNVD
added 2021/07/15 12:0 a.m.12 views

Advantech R-SeeNet 跨站脚本漏洞

Advantech R-SeeNet is an industrial monitoring software from Advantech, Taiwan, China. The software is based on the snmp protocol for monitoring platforms and is available for Linux and Windows platforms.A cross-site scripting vulnerability exists in Advantech R-SeeNet. The vulnerability stems fr...

9.6CVSS5.5AI score0.14115EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2021/07/15 12:0 a.m.7 views

PT-2021-3933 · Advantech · Advantech R-Seenet

Name of the Vulnerable Software and Affected Versions: Advantech R-SeeNet version 2.4.12 Description: The issue exists in the ssh form.php script functionality, allowing for cross-site scripting vulnerabilities. If a user visits a specially crafted URL, it can lead to arbitrary JavaScript code...

9.6CVSS7.9AI score0.14115EPSS
Exploits1References6
ThreatPost
ThreatPost
added 2021/07/14 4:45 p.m.37 views

Linux-Focused Cryptojacking Gang Tracked to Romania

A cryptojacking gang that’s likely based in Romania is using a never-before-seen SSH brute-forcer dubbed “Diicot brute” to crack passwords on Linux-based machines with weak passwords. The point of the campaign is mainly to deploy Monero mining malware, Bitdefender researchers said in a report...

7.2AI score
Exploits0References11
Veracode
Veracode
added 2021/07/14 11:46 a.m.8 views

Information Disclosure

PuTTY is vulnerable to information disclosure. It proceeds with establishing an SSH session even if it has never sent a substantive authentication response. This makes it easier for an attacker-controlled SSH server to present a later spoofed authentication prompt that the attacker can use to...

8.1CVSS6.3AI score0.01106EPSS
Exploits0References6Affected Software1
The Hacker News
The Hacker News
added 2021/07/14 3:41 a.m.104 views

Chinese Hackers Exploited Latest SolarWinds 0-Day in Targeted Attacks

Microsoft on Tuesday disclosed that the latest string of attacks targeting SolarWinds Serv-U managed file transfer service with a now-patched remote code execution RCE exploit is the handiwork of a Chinese threat actor dubbed "DEV-0322." The revelation comes days after the Texas-based IT monitori...

10CVSS1.9AI score0.9116EPSS
Exploits2
OpenVAS
OpenVAS
added 2021/07/14 12:0 a.m.10 views

Perl Detection Consolidation

Consolidation of Perl detections. Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can redistribute it...

7.3AI score
Exploits0References1
Microsoft Malware Protection
Microsoft Malware Protection
added 2021/07/13 10:30 p.m.197 views

Microsoft discovers threat actor targeting SolarWinds Serv-U software with 0-day exploit

Microsoft has detected a 0-day remote code execution exploit being used to attack SolarWinds Serv-U FTP software in limited and targeted attacks. The Microsoft Threat Intelligence Center MSTIC attributes this campaign with high confidence to DEV-0322, a group operating out of China, based on...

10CVSS9.7AI score0.9116EPSS
Exploits2
The Hacker News
The Hacker News
added 2021/07/13 3:58 a.m.97 views

A New Critical SolarWinds Zero-Day Vulnerability Under Active Attack

SolarWinds, the Texas-based company that became the epicenter of a massive supply chain attack late last year, has issued patches to contain a remote code execution flaw in its Serv-U managed file transfer service. The fixes, which target Serv-U Managed File Transfer and Serv-U Secure FTP product...

10CVSS1.4AI score0.9116EPSS
Exploits2
CNVD
CNVD
added 2021/07/13 12:0 a.m.19 views

PuTTY data forgery issue vulnerability

PuTTY is a free set of Telnet, Rlogin and SSH client software from Simon Tatham's personal developer. The software is primarily used for remote administration of Linux systems. PuTTY is vulnerable to a data forgery issue that could be exploited by an attacker to cause a controlled SSH server to...

8.1CVSS2.7AI score0.01106EPSS
Exploits0References1
Rapid7 Blog
Rapid7 Blog
added 2021/07/12 10:39 p.m.154 views

SolarWinds Serv-U FTP and Managed File Transfer CVE-2021-35211: What You Need to Know

On July 12, 2021, SolarWinds confirmed an actively exploited zero-day vulnerability, CVE-2021-35211, in the Serv-U FTP and Managed File Transfer component of SolarWinds15.2.3 HF1 released May 5, 2021 and all prior versions. Successful exploitation of CVE-2021-35211 could enable an attacker to gai...

0.7AI score0.9116EPSS
Exploits2
NVD
NVD
added 2021/07/12 4:15 p.m.7 views

CVE-2021-29794

IBM Tivoli Netcool/Impact 7.1.0.20 and 7.1.0.21 uses an insecure SSH server configuration which enables weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 203556...

7.5CVSS0.0071EPSS
Exploits0References2
Prion
Prion
added 2021/07/12 4:15 p.m.12 views

Code injection

IBM Tivoli Netcool/Impact 7.1.0.20 and 7.1.0.21 uses an insecure SSH server configuration which enables weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 203556...

5CVSS7.2AI score0.0071EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2021/07/12 4:5 p.m.13 views

CVE-2021-29794

IBM Tivoli Netcool/Impact 7.1.0.20 and 7.1.0.21 uses an insecure SSH server configuration which enables weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 203556...

5.9CVSS7.3AI score0.0071EPSS
Exploits0References2
CVE
CVE
added 2021/07/12 4:5 p.m.40 views

CVE-2021-29794

IBM Tivoli Netcool/Impact 7.1.0.20 and 7.1.0.21 use an insecure SSH server configuration that enables weaker cryptographic algorithms, potentially allowing decryption of highly sensitive information. The IBM Security Bulletin confirms the affected versions and provides a remediation path: upgrade...

7.5CVSS7.2AI score0.0071EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2021/07/12 12:0 a.m.11 views

Apache MINA 安全漏洞

Apache MINA is the United States Apache Apache Foundation of a web application framework. It is primarily used to develop high-performance and highly scalable web applications. Apache MINA has a security vulnerability that originates from a vulnerability in SSHD -core of Apache MINA SSHD. An...

6.5CVSS6.7AI score0.03394EPSS
Exploits0References20
OPENSUSE Linux
OPENSUSE Linux
added 2021/07/11 12:0 a.m.57 views

Security update for salt (critical)

openSUSE Security Update: Security update for salt Announcement ID: openSUSE-SU-2021:2106-1 Rating: critical References: 1171257 1176293 1179831 1181368 1182281 1182293 1182382 1185092 1185281 1186674 ECO-3212 SLE-18028 SLE-18033 Cross-References: CVE-2018-15750 CVE-2018-15751 CVE-2020-11651...

9.8CVSS9.1AI score0.96405EPSS
Exploits29References13
Kitploit
Kitploit
added 2021/07/10 12:30 p.m.117 views

The-Bastion - Authentication, Authorization, Traceability And Auditability For SSH Accesses

Bastions are a cluster of machines used as the unique entry point by operational teams such as sysadmins, developers, database admins, ... to securely connect to devices servers, virtual machines, cloud instances, network equipment, ..., usually using ssh. Bastions provides mechanisms for...

8AI score
Exploits0References8
Rows per page
Query Builder