Security
Headlines
HeadlinesLatestCVEs

Tag

#rce

Hackers Actively Exploiting New Sophos Firewall RCE Vulnerability

Security software company Sophos has warned of cyberattacks targeting a recently addressed critical vulnerability in its firewall product. The issue, tracked as CVE-2022-3236 (CVSS score: 9.8), impacts Sophos Firewall v19.0 MR1 (19.0.1) and older and concerns a code injection vulnerability in the User Portal and Webadmin components that could result in remote code execution. The company said it

The Hacker News
Open in Source
#vulnerability#web#rce#The Hacker News
CVE-2022-39240: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) in MyGraph

MyGraph is a permission management system. Versions prior to 1.0.4 are vulnerable to a storage XSS vulnerability leading to Remote Code Execution. This issue is patched in version 1.0.4. There is no known workaround.

Microsoft Patch Tuesday September 2022: CLFS Driver EoP, IP packet causes RCE, Windows DNS Server DoS, Spectre-BHB

Hello everyone! Let’s take a look at Microsoft’s September Patch Tuesday. This time it is quite compact. There were 63 CVEs released on Patch Tuesday day. If we add the vulnerabilities released between August and September Patch Tuesdays (as usual, they were in Microsoft Edge), the final number is 90. Much less than usual. Alternative […]

CISA: Zoho ManageEngine RCE Bug Is Under Active Exploit

The bug allows unauthenticated code execution on the company's firewall products, and CISA says it poses "significant risk" to federal government.

CVE-2022-38742: ThinManager Software Vulnerable to Arbitrary Code Execution and Denial-Of-Service Attack

Rockwell Automation ThinManager ThinServer versions 11.0.0 - 13.0.0 is vulnerable to a heap-based buffer overflow. An attacker could send a specifically crafted TFTP or HTTPS request, causing a heap-based buffer overflow that crashes the ThinServer process. If successfully exploited, this could expose the server to arbitrary remote code execution.

CVE-2022-40866: Router-vuls/setDebugCfg.md at main · CPSeek/Router-vuls

Tenda W20E router V15.11.0.6 (US_W20EV4.0br_V15.11.0.6(1068_1546_841)_CN_TDC) contains a stack overflow vulnerability in the function formSetDebugCfg with request /goform/setDebugCfg/

CVE-2022-40855: Router-vuls/formSetPortMapping.md at main · CPSeek/Router-vuls

Tenda W20E router V15.11.0.6 contains a stack overflow in the function formSetPortMapping with post request 'goform/setPortMapping/'. This vulnerability allows attackers to cause a Denial of Service (DoS) or Remote Code Execution (RCE) via the portMappingServer, portMappingProtocol, portMappingWan, porMappingtInternal, and portMappingExternal parameters.

CVE-2022-40868: Router-vuls/formDelDhcpRule.md at main · CPSeek/Router-vuls

Tenda W20E router V15.11.0.6 (US_W20EV4.0br_V15.11.0.6(1068_1546_841)_CN_TDC) contains a stack overflow vulnerability in the function formDelDhcpRule with the request /goform/delDhcpRules/

CVE-2022-40867: Router-vuls/formIPMacBindDel.md at main · CPSeek/Router-vuls

Tenda W20E router V15.11.0.6 (US_W20EV4.0br_V15.11.0.6(1068_1546_841)_CN_TDC) contains a stack overflow vulnerability in the function formIPMacBindDel with the request /goform/delIpMacBind/

CVE-2022-40861: Router-vuls/formSetQosBand.md at main · CPSeek/Router-vuls

Tenda AC18 router V15.03.05.19 contains a stack overflow vulnerability in the formSetQosBand->FUN_0007db78 function with the request /goform/SetNetControlList/