Lucene search
K

322 matches found

BDU FSTEC
BDU FSTEC
added 2022/10/04 12:0 a.m.8 views

The vulnerability of the network firewall used for protecting web applications, Trustwave ModSecurity, arises from the execution of a loop with an unavailable exit condition. This allows attackers to trigger a service failure.

The vulnerability of the network firewall used for protecting web applications, Trustwave ModSecurity, is related to the execution of a loop with an unavailable exit condition. Exploiting this vulnerability allows a malicious actor to trigger a service failure through a specially crafted HTTP...

7.8CVSS7.3AI score0.03179EPSS
Exploits2References7Affected Software2
ThreatPost
ThreatPost
added 2022/03/24 1:10 p.m.310 views

Microsoft Help Files Disguise Vidar Malware

Where’s the last place you’d expect to find malware? In an email from your mother? Embedded in software you trust and use everyday actually, that’s probably the first place you should look? How about in a technical documentation file? In a report published Thursday, Trustwave SpiderLabs revealed ...

8.6AI score
Exploits0References8
OSV
OSV
added 2022/03/10 6:9 p.m.12 views

CLSA-2022-1646935759 Update of ca-certificates

remove old certificate - Removing: - Certificate "DST Root CA X3" - Update to CKBI 2.50 from NSS 3.67 - Update to CKBI 2.48 from NSS 3.66 - Removing: - Certificate "Verisign Class 3 Public Primary Certification Authority - G3" - Certificate "GeoTrust Global CA" - Certificate "GeoTrust Universal...

5.8AI score
Exploits0References1
OSV
OSV
added 2022/03/10 6:8 p.m.8 views

CLSA-2022-1646935701 Update of ca-certificates

remove old certificate - Removing: - Certificate "DST Root CA X3" - Update to CKBI 2.50 from NSS 3.67 - Update to CKBI 2.48 from NSS 3.66 - Removing: - Certificate "Verisign Class 3 Public Primary Certification Authority - G3" - Certificate "GeoTrust Global CA" - Certificate "GeoTrust Universal...

5.8AI score
Exploits0References1
0day.today
0day.today
added 2022/02/16 12:0 a.m.267 views

ServiceNow - Username Enumeration Exploit

Exploit Title: ServiceNow - Username Enumeration Exploit Author: Victor Hanna Trustwave SpiderLabs Author Github Page: https://9lyph.github.io/CVE-2021-45901/ Vendor Homepage: https://www.servicenow.com/ Software Link:...

5.3CVSS5.4AI score0.14316EPSS
Exploits5
Packet Storm
Packet Storm
added 2022/02/16 12:0 a.m.282 views

ServiceNow Orlando Username Enumeration

Exploit Title: ServiceNow - Username Enumeration Google Dork: NA Date: 12 February 2022 Exploit Author: Victor Hanna Trustwave SpiderLabs Author Github Page: https://9lyph.github.io/CVE-2021-45901/ Vendor Homepage: https://www.servicenow.com/ Software Link:...

5.4AI score0.14316EPSS
Exploits5
Malwarebytes
Malwarebytes
added 2022/02/14 3:52 p.m.22 views

Ransomware gang hits 49ers’ network before Super Bowl kick off

The San Francisco 49ers has confirmed that it has been hit by a ransomware attack. The announcement came just hours before the biggest football game of the year, Sundays Super Bowl between the Cincinnati Bengals and the Los Angeles Rams. In a boilerplate statement to BleepingComputer, the 49ers...

7.2AI score
Exploits0
Packet Storm
Packet Storm
added 2022/02/09 12:0 a.m.294 views

Grandstream GXV31XX settimezone Unauthenticated Command Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "Grandstream GXV31XX 'settimezone' Unauthenticated Command Execution", 'Description' = %q This module exploits a command injection vulnerability i...

9.8CVSS0.5AI score0.15353EPSS
Exploits7
ThreatPost
ThreatPost
added 2022/01/28 4:54 p.m.35 views

Zerodium Spikes Payout for Outlook Zero-Days

Zerodium has jacked up its offering price for Microsoft Outlook zero-day exploits. Act fast if you have the goods and the moral equanimity, to make up to $400,000 for a zero-click, remote code-execution RCE exploit. “Zero-click” means that targets neither have to read a malicious email message no...

6.5CVSS6.8AI score0.04992EPSS
Exploits0References8
The Hacker News
The Hacker News
added 2022/01/13 2:6 p.m.19 views

Researchers Decrypted Qakbot Banking Trojan's Encrypted Registry Keys

Cybersecurity researchers have decoded the mechanism by which the versatile Qakbot banking trojan handles the insertion of encrypted configuration data into the Windows Registry. Qakbot, also known as QBot, QuackBot and Pinkslipbot, has been observed in the wild since 2007. Although mainly...

2.6AI score
Exploits0
hivepro
hivepro
added 2021/12/07 1:24 p.m.453 views

BlackByte ransomware exploits Microsoft Servers ProxyShell Vulnerabilities

THREAT LEVEL: Red. For a detailed advisory, download the pdf file here. BlackByte ransomware is targeting organizations with unpatched ProxyShell vulnerabilities. Proxy Shell was addressed by hive pro threat researcher in the previous advisory released on August 24. ProxyShell is a combination of...

10CVSS0.9AI score0.99999EPSS
Exploits18
Patchstack
Patchstack
added 2021/10/09 12:0 a.m.12 views

WordPress Inline Related Posts plugin <= 3.0.4 - Cross-Site Scripting (XSS) vulnerability

Cross-Site Scripting XSS vulnerability discovered by Martin Vierula Trustwave in WordPress Inline Related Posts plugin versions = 3.0.4. Solution Update the WordPress Inline Related Posts plugin to the latest available version at least 3.0.5...

2.3AI score
Exploits1References3Affected Software1
Patchstack
Patchstack
added 2021/10/06 12:0 a.m.42 views

WordPress Age Gate plugin <= 2.16.3 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting XSS vulnerability discovered by Martin Vierula Trustwave in WordPress Age Gate plugin versions = 2.16.3. Solution Update the WordPress Age Gate plugin to the latest available version at least 2.16.4...

2.3AI score
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2021/09/10 12:0 a.m.20 views

WordPress StopBadBots plugin <= 6.59 - Authenticated SQL Injection (SQLi) vulnerability

Authenticated SQL Injection SQLi vulnerability discovered by Martin Vierula Trustwave in WordPress StopBadBots plugin versions = 6.59. Solution Update the WordPress StopBadBots plugin to the latest available version at least 6.60...

8.8CVSS3.4AI score0.01713EPSS
Exploits2References3Affected Software1
Patchstack
Patchstack
added 2021/09/10 12:0 a.m.13 views

WordPress WP Simple Booking Calendar plugin <= 2.0.6 - Authenticated SQL Injection (SQLi) vulnerability

Authenticated SQL Injection SQLi vulnerability discovered by Martin Vierula Trustwave in WordPress WP Simple Booking Calendar plugin versions = 2.0.6. Solution Update the WordPress WP Simple Booking Calendar plugin to the latest available version at least 2.0.7...

8.8CVSS2.7AI score0.01567EPSS
Exploits2References3Affected Software1
Microsoft Malware Protection
Microsoft Malware Protection
added 2021/09/09 5:0 p.m.39 views

Combat attacks with security solutions from Trustwave and Microsoft

This blog post is part of the Microsoft Intelligent Security Association guest blog series. Learn more about MISA. In 2021, cyberattacks and instances of ransomware demands against companies, agencies, and institutions have dominated the headlines. These kinds of attacks are on the rise and often...

7.6AI score
Exploits0
Microsoft Secure
Microsoft Secure
added 2021/09/09 5:0 p.m.28 views

Combat attacks with security solutions from Trustwave and Microsoft

This blog post is part of the Microsoft Intelligent Security Association guest blog series. Learn more about MISA. In 2021, cyberattacks and instances of ransomware demands against companies, agencies, and institutions have dominated the headlines. These kinds of attacks are on the rise and often...

7.6AI score
Exploits0
ThreatPost
ThreatPost
added 2021/08/05 3:26 p.m.45 views

MacOS Flaw in Telegram Retrieves Deleted Messages

A vulnerability in a high-level privacy feature of Telegram on macOS that sets up a “self-destruct” timer for messages on both the sender’s and recipient’s devices can allow someone to retrieve these messages even after they’ve been deleted, a researcher has found. Reegun Richard Jayapaul,...

6.6AI score
Exploits0References8
ThreatPost
ThreatPost
added 2021/02/03 11:0 a.m.67 views

SolarWinds Orion Bug Allows Easy Remote-Code Execution and Takeover

Three serious vulnerabilities have been found in SolarWinds products: Two in the Orion User Device Tracker and one in the Serv-U FTP for Windows product. The most severe of these could allow trivial remote code execution with high privileges. The SolarWinds Orion platform is the network managemen...

0.7AI score0.36426EPSS
Exploits3References5
ThreatPost
ThreatPost
added 2021/01/06 9:20 p.m.41 views

It’s Not the Trump Sex Tape, It’s a RAT

As outgoing President Donald Trump continues to dominate headlines, cybercriminals have decided to horn in on the much-gossiped-about — and yet to materialize — Trump sex tape as a lure for malware delivery. A campaign has been uncovered that labels a malware downloader with the filename...

0.2AI score
Exploits0References8
Rows per page
Query Builder