#ssl

Provides security architects with access to custom scripts that can be natively integrated with other Qualys solutions.

Traditional businesses migrating to the cloud need robust information security mechanisms. Gartner predicts that more than 95% of new digital workloads will continue to be deployed on cloud-native platforms by 2025. Robust cloud data security is imperative for businesses adopting rapid digital transformation to the cloud. While a traditional hosting model could be considered more secure, not all

A vulnerability was found in HTC One/Sense 4.x. It has been rated as problematic. Affected by this issue is the certification validation of the mail client. An exploit has been disclosed to the public and may be used.

Metasonic Doc WebClient 7.0.14.0 / 7.0.12.0 / 7.0.3.0 is vulnerable to a SQL injection attack in the username field. SSO or System authentication are required to be enabled for vulnerable conditions to exist.

This Metasploit module exploits CVE-2022-30525, an unauthenticated remote command injection vulnerability affecting Zyxel firewalls with zero touch provisioning (ZTP) support. By sending a malicious setWanPortSt command containing an mtu field with a crafted OS command to the /ztp/cgi-bin/handler page, an attacker can gain remote command execution as the nobody user. Affected Zyxel models are USG FLEX 50, 50W, 100W, 200, 500, 700 using firmware 5.21 and below, USG20-VPN and USG20W-VPN using firmware 5.21 and below, and ATP 100, 200, 500, 700, 800 using firmware 5.21 and below.

Parallels H-Sphere 3.6.1713 allows XSS via the index_en.php from parameter.

ACCEL-PPP 1.12.0 has an out-of-bounds read in post_msg when processing a call_clear_request.

By Nate Pors. Top executives are increasingly dreading the phone call from their fellow employees notifying them that their company has been hit by a cyber attack. Nearly every week in 2021 and early 2022, a prominent organization has been in the media spotlight as their public relations team... [[ This is only the beginning! Please visit the blog for the complete entry ]]

Threat actors have launched a new campaign that starts with compromised WordPress sites and leads to fake reCAPTCHA sites designed to get visitors to accept web push notifications. The post Fake reCAPTCHA forms dupe users via compromised WordPress sites appeared first on Malwarebytes Labs.

Webmin through 1.991, when the Authentic theme is used, allows remote code execution when a user has been manually created (i.e., not created in Virtualmin or Cloudmin). This occurs because settings-editor_write.cgi does not properly restrict the file parameter.