Security
Headlines
HeadlinesLatestCVEs

Tag

#rce

CVE-2023-29382: Security Center - Zimbra :: Tech Center

An issue in Zimbra Collaboration ZCS v.8.8.15 and v.9.0 allows an attacker to execute arbitrary code via the sfdc_preauth.jsp component.

CVE
Open in Source
#xss#csrf#vulnerability#web#android#mac#apple#microsoft#ubuntu#linux#debian#red_hat#apache#memcached#nodejs#js#git#java#oracle#php#rce#perl#ldap#nginx#ssrf#pdf#auth#zero_day#ssl
Taking over Milesight UR32L routers behind a VPN: 22 vulnerabilities and a full chain

In all, Cisco Talos is releasing 22 security advisories today, nine of which have a CVSS score greater than 8, associated with 69 CVEs.

CVE-2023-36969: CMS Made Simple v2.2.17 – File Upload Remote Code Execution (RCE) (Authenticated)

CMS Made Simple v2.2.17 is vulnerable to Remote Command Execution via the File Upload Function.

ABUS TVIP

1. EXECUTIVE SUMMARY CVSS v3 7.2 ATTENTION: Exploitable remotely/low attack complexity/public exploits are available Vendor: ABUS Equipment: ABUS Security Camera Vulnerability: Command injection 2. RISK EVALUATION Successful exploitation of this vulnerability could allow arbitrary file reads or remote code execution. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of ABUS TVIP, an indoor security camera, are affected:  ABUS TVIP: 20000-21150 3.2 VULNERABILITY OVERVIEW 3.2.1 COMMAND INJECTION CWE-77 ABUS TVIP 20000-21150 devices allows remote attackers to execute arbitrary code via shell metacharacters in the /cgi-bin/mft/wireless_mft ap field. CVE-2023-26609 has been assigned to this vulnerability. A CVSS v3 base score of 7.2 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H). 3.3 BACKGROUND CRITICAL INFRASTRUCTURE SECTORS: Comercial Facilities COUNTRIES/AREAS DEPLOYED: Worldwide COMPANY HEADQUARTERS LOCATION: Germany 3.4 RESEARCHER...

Critical RCE Vulnerability Puts 330,000 Fortinet Firewalls at Risk

By Deeba Ahmed The vulnerability has a CVSS score of 9.8 out of 10, is a critical security bug that affects Fortinet appliances and has been actively exploited in the wild. This is a post from HackRead.com Read the original post: Critical RCE Vulnerability Puts 330,000 Fortinet Firewalls at Risk

Warning issued over vulnerability in cardiac devices

Categories: Exploits and vulnerabilities Categories: News Tags: Medtronic Tags: Paceart Optima Tags: CVE-2023-31222 Tags: deserialization Tags: update Tags: messaging A vulnerability in Medtronic's Paceart Optima cardiac device could lead to further network penetration, RCE, and DoS attacks (Read more...) The post Warning issued over vulnerability in cardiac devices appeared first on Malwarebytes Labs.

Update Android now! Google patches three actively exploited zero-days

Categories: Exploits and vulnerabilities Categories: News Tags: Google Tags: Android Tags: 2023-07-05 Tags: CVE2021-29256 Tags: CVE-2023-26083 Tags: CVE-2023-2136 Tags: CVE-2023-21250 Tags: ARM Tags: Skia Google has patched 43 vulnerabilities in Android, three of which are actively exploited zero-day vulnerabilities. (Read more...) The post Update Android now! Google patches three actively exploited zero-days appeared first on Malwarebytes Labs.

3 Critical RCE Bugs Threaten Industrial Solar Panels, Endangering Grid Systems

Exposed and unpatched solar power monitoring systems have been exploited by both amateurs and professionals, including Mirai botnet hackers.

POS Codekop 2.0 Shell Upload

POS Codekop version 2.0 suffers from a remote shell upload vulnerability.

Alert: 330,000 FortiGate Firewalls Still Unpatched to CVE-2023-27997 RCE Flaw

No less than 330000 FortiGate firewalls are still unpatched and vulnerable to CVE-2023-27997, a critical security flaw affecting Fortinet devices that have come under active exploitation in the wild. Cybersecurity firm Bishop Fox, in a report published last week, said that out of nearly 490,000 Fortinet SSL-VPN interfaces exposed on the internet, about 69 percent remain unpatched. CVE-2023-27997