CISA, FBI: State-Backed APTs Are Exploiting Critical Zoho Bug
The FBI, CISA and the U.S. Coast Guard Cyber Command (CGCYBER) warned today that state-backed advanced persistent threat (APT) actors are likely among those who’ve been actively exploiting a newly identified bug in a Zoho single sign-on and password management tool since early last month. At issue is...
CISA Warns of Actively Exploited Zoho ManageEngine ADSelfService Vulnerability
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday issued a bulletin warning of a zero-day flaw affecting Zoho ManageEngine ADSelfService Plus deployments that is currently being actively exploited in the wild. The flaw, tracked as CVE-2021-40539, concerns a REST API...
Unpatched Microsoft Exchange servers hit with ProxyShell attack
By Waqas. Researchers have identified 140+ webshells launched against 1,900 unpatched Microsoft Exchange servers. This is a post from HackRead.com.
Exploitation of Pulse Connect Secure Vulnerabilities
Summary: The Cybersecurity and Infrastructure Security Agency (CISA) is aware of compromises affecting a number of U.S. government agencies, critical infrastructure entities, and other private sector organizations by a cyber threat actor—or actors—beginning in June 2020 or earlier related to...
File Upload Vulnerability in OKLite
OKLite is an enterprise website system aimed mainly at users who need a showcase-style company website, so that traditional small businesses can deploy a website quickly. A file upload vulnerability exists in OKLite, which can be exploited by attackers to upload a webshell and gain server privileg...
File Upload Vulnerability in Library Cluster Management System of Guangzhou Tutron Computer Software Development Co. Ltd (CNVD-2021-58569)
Guangzhou Tutron Computer Software Development Co., Ltd. is a high-tech enterprise integrating product research and development, application integration and customer service, with the main goal of providing high-quality application software system design, integration and maintenance services for...
File Upload Vulnerability in TerraMaster System Administration
TerraMaster Ironwillmar specializes in providing users with professional private cloud storage appliances, including NAS networked cloud storage servers and DAS direct-attached storage units. A file upload vulnerability exists in TerraMaster system administration, which can be exploited by an...
File upload vulnerability exists in phpwcms (CNVD-2021-49577)
phpwcms is an open source web content management system. A file upload vulnerability exists in phpwcms, which can be exploited by an attacker to upload a webshell and gain server privileges...
File upload vulnerability in qtcms
qtcms is a CMS builder based on the ThinkPHP framework. A file upload vulnerability exists in qtcms, which can be exploited by attackers to upload a webshell and gain server privileges...
Catfish Blog suffers from a file upload vulnerability (CNVD-2021-49554)
Catfish Blog is a free, open source PHP blog. Catfish Blog has a file upload vulnerability that can be exploited by an attacker to upload a webshell and gain server privileges...
Catfish Blog suffers from a file upload vulnerability (CNVD-2021-49553)
Catfish Blog is a free, open source PHP blog. Catfish Blog has a file upload vulnerability that can be exploited by an attacker to upload a webshell and gain server privileges...
File Upload Vulnerability in the Command and Dispatch Management Platform of Fujian Qualicom Communication Co.
Fujian Qualicom Communication Co., Ltd. is a solution provider and service operator focusing on professional communication. A file upload vulnerability exists in the Command and Dispatch Management Platform of Fujian Qualicom Communication Co. Ltd. that can be exploited by an attacker to upload a...
File Upload Vulnerability in OfficeWeb365 of Xi'an Daxi Information Technology Co. (CNVD-2021-47669)
OfficeWeb365 focuses on Office document online preview and PDF document online preview cloud services, including Microsoft Word document online preview, Excel table online preview, PowerPoint presentation document online preview, WPS word processing, WPS forms, WPS presentations and Adobe PDF...
File upload vulnerability in deituiCMS (CNVD-2021-45395)
deituiCMS is a free, open source website-building CMS. deituiCMS has an arbitrary file upload vulnerability that can be exploited by an attacker to upload a webshell and gain server privileges...
File Upload Vulnerability in Smart IPTV System V3 of Shenzhen Zicentron Video Technology Co.
Zicentron IPTV system has telecom-grade full-service functions, supporting live TV broadcasting IGMP multicast mode and HLS unicast mode at the same time, 4K Ultra HD, time-shift playback, video-on-demand on the intranet, OTT on-demand on the extranet, desktop customization, application push,...
Re-Checking Your Pulse: Updates on Chinese APT Actors Compromising Pulse Secure VPN Devices
On April 20, 2021, Mandiant published detailed results of our investigations into compromised Pulse Secure devices by suspected Chinese espionage operators. This blog post is intended to provide an update on our findings, give additional recommendations to network defenders, and discuss potential...
CVE-2020-26679
CVE-2020-26679 affects vFairs 3.3 and is due to insecure permissions. Any logged-in user can modify other users’ profile information or profile pictures by sending an HTTP POST with another user’s ID, potentially enabling cross-site scripting or uploading PHP webshells as profile images. User IDs...
CVE-2020-26679
vFairs 3.3 is affected by Insecure Permissions. Any user logged in to a vFairs virtual conference or event can modify any other user's profile information or profile picture. After receiving any user's unique identification number and their own, an HTTP POST request can be made to update their profil...
CVE-2020-21585
Vulnerability in emlog v6.0.0 allows user to upload webshells via zip plugin module...