Security
Headlines
HeadlinesLatestCVEs

Tag

#telnet

CVE-2023-24046: Technical Advisory – Multiple Vulnerabilities in Connectize G6 AC2100 Dual Band Gigabit WiFi Router (CVE-2023-24046, CVE-2023-24047, CVE-2023-24048, CVE-2023-24049, CVE-2023-24050, CVE-2023-24051, CVE

An issue was discovered on Connectize AC21000 G6 641.139.1.1256 allows attackers to run arbitrary commands via use of a crafted string in the ping utility.

CVE
Open in Source
#xss#csrf#vulnerability#web#ios#mac#windows#git#java#perl#samba#auth#telnet#firefox#wifi
CVE-2023-48887: GitHub - fengjiachun/Jupiter: Jupiter是一款性能非常不错的, 轻量级的分布式服务框架

A deserialization vulnerability in Jupiter v1.3.1 allows attackers to execute arbitrary commands via sending a crafted RPC request.

CVE-2023-48185: TerraMaster_S1.0_V2.295存在任意文件下载漏洞 - 国民专业级NAS --铁威马官方论坛

Directory Traversal vulnerability in TerraMaster v.s1.0 through v.2.295 allows a remote attacker to obtain sensitive information via a crafted GET request.

CVE-2023-41570: CVE-2023-41570: Access Control vulnerability in MikroTik REST API

MikroTik RouterOS v7.1 to 7.11 was discovered to contain incorrect access control mechanisms in place for the Rest API.

The Mirai Confessions: Three Young Hackers Who Built a Web-Killing Monster Finally Tell Their Story

Netflix, Spotify, Twitter, PayPal, Slack. All down for millions of people. How a group of teen friends plunged into an underworld of cybercrime and broke the internet—then went to work for the FBI.

Not CVE Announcement

The !CVE Project is an initiative to track and identify security issues that are not acknowledged by vendors but still are important for the security community.

CVE-2023-43119

An Access Control issue discovered in Extreme Networks Switch Engine (EXOS) before 32.5.1.5, also fixed in 22.7, 31.7.2 allows attackers to gain escalated privileges using crafted telnet commands via Redis server.

Security Patch for Two New Flaws in Curl Library Arriving on October 11

The maintainers of the Curl library have released an advisory warning of two forthcoming security vulnerabilities that are expected to be addressed as part of updates released on October 11, 2023. This includes a high severity and a low-severity flaw tracked under the identifiers CVE-2023-38545 and CVE-2023-38546, respectively. Additional details about the issues and the exact version ranges

CVE-2023-4505: Staff / Employee Business Directory for Active Directory

The Staff / Employee Business Directory for Active Directory plugin for WordPress is vulnerable to LDAP Passback in versions up to, and including, 1.2.3. This is due to insufficient validation when changing the LDAP server. This makes it possible for authenticated attackers, with administrative access and above, to change the LDAP server and retrieve the credentials for the original LDAP server.

Kaspersky Reveals Alarming IoT Threats and Dark Web DDoS Boom

By Waqas Kaspersky Unveils Alarming IoT Vulnerabilities and Dark Web's Thriving DDoS Economy. This is a post from HackRead.com Read the original post: Kaspersky Reveals Alarming IoT Threats and Dark Web DDoS Boom