Search cyberveille.decio.ch

Found 16 bookmarks

Custom sorting

D-Link says it is not fixing four RCE flaws in DIR-846W routers

D-Link is warning that four remote code execution (RCE) flaws impacting all hardware and firmware versions of its DIR-846W router will not be fixed as the products are no longer supported.

#bleepingcomputer #EN #2024 #D-Link #End-of-Life #End-of-Service #Hardware #RCE #Remote-Code-Execution #Vulnerability #DIR-846W

·bleepingcomputer.com·Sep 7, 2024

D-Link says it is not fixing four RCE flaws in DIR-846W routers

Veeam warns of critical RCE flaw in Backup & Replication software

Veeam has released security updates for several of its products as part of a single September 2024 security bulletin that addresses 18 high and critical severity flaws in Veeam Backup & Replication, Service Provider Console, and One.

#bleepingcomputer #EN #2024 #RCE #Remote-Code-Execution #Veeam #Veeam-Backup-&-Replication #Veeam-ONE #Vulnerability

·bleepingcomputer.com·Sep 6, 2024

Veeam warns of critical RCE flaw in Backup & Replication software

Over 92,000 exposed D-Link NAS devices have a backdoor account

A threat researcher has disclosed a new arbitrary command injection and hardcoded backdoor flaw in multiple end-of-life D-Link Network Attached Storage (NAS) device models.

#bleepingcomputer #En #2024 #Backdoor #Command-Injection #D-Link #EOL #NAS #Remote-Code-Execution #Vulnerability

·bleepingcomputer.com·Apr 6, 2024

Over 92,000 exposed D-Link NAS devices have a backdoor account

Ivanti fixes VPN gateway vulnerability allowing RCE, DoS attacks

IT security software company Ivanti has released patches to fix multiple security vulnerabilities impacting its Connect Secure and Policy Secure gateways.

#bleepingcomputer #EN #2024 #Connect-Secure #Denial-of-Service #DoS #Ivanti #Policy-Secure #RCE #Remote-Code-Execution #Security #InfoSec #Computer-Security

·bleepingcomputer.com·Apr 4, 2024

Ivanti fixes VPN gateway vulnerability allowing RCE, DoS attacks

Exploit released for Fortinet RCE bug used in attacks, patch now

Security researchers have released a proof-of-concept (PoC) exploit for a critical vulnerability in Fortinet's FortiClient Enterprise Management Server (EMS) software, which is now actively exploited in attacks.

#bleepingcomputer #EN #2024 #Actively-Exploited #Exploit #Fortinet #PoC #Proof-of-Concept #RCE #Remote-Code-Execution #SQL-Injection #CVE-2023-48788

·bleepingcomputer.com·Mar 21, 2024

Exploit released for Fortinet RCE bug used in attacks, patch now

Fortinet warns of new FortiSIEM RCE bugs in confusing disclosure

Fortinet is warning of two new unpatched patch bypasses for a critical remote code execution vulnerability in FortiSIEM, Fortinet's SIEM solution.

#bleepingcomputer #EN #204 #Fortinet #FortiSIEM #Remote-Code-Execution #Vulnerability

·bleepingcomputer.com·Feb 8, 2024

Fortinet warns of new FortiSIEM RCE bugs in confusing disclosure

Ivanti warns critical EPM bug lets hackers hijack enrolled devices

Ivanti fixed a critical remote code execution (RCE) vulnerability in its Endpoint Management software (EPM) that can let unauthenticated attackers hijack enrolled devices or the core server.

#bleepingcomputer #EN #2024 #Ivanti #Ivanti-Endpoint-Manager #Ivanti-EPM #RCE #Remote-Code-Execution #CVE-2023-39336

·bleepingcomputer.com·Jan 5, 2024

Ivanti warns critical EPM bug lets hackers hijack enrolled devices

Hackers are exploiting critical Apache Struts flaw using public PoC

Hackers are attempting to leverage a recently fixed critical vulnerability (CVE-2023-50164) in Apache Struts that leads to remote code execution, in attacks that rely on publicly available proof-of-concept exploit code.

#bleepingcomputer #EN #2023 #Actively-Exploited #Apache-Struts #PoC #Proof-of-Concept #RCE #Remote-Code-Execution #CVE-2023-50164

·bleepingcomputer.com·Dec 13, 2023

Hackers are exploiting critical Apache Struts flaw using public PoC

Sophos backports RCE fix after attacks on unsupported firewalls

Sophos was forced to backport a security update for CVE-2022-3236 for end-of-life (EOL) firewall firmware versions after discovering hackers actively exploiting the flaw in attacks.

#bleepingcomputer #En #2023 #Actively-Exploited #Firewall #RCE #Remote-Code-Execution #Security-Update #Sophos

·bleepingcomputer.com·Dec 12, 2023

Sophos backports RCE fix after attacks on unsupported firewalls

50K WordPress sites exposed to RCE attacks by critical bug in backup plugin

A critical severity vulnerability in a WordPress plugin with more than 90,000 installs can let attackers gain remote code execution to fully compromise vulnerable websites.

#bleepingcomputer #EN #2023 #Backup-Migration #Code-Injection #CVE-2023-6553 #PHP #RCE #Remote-Code-Execution #WordPress

·bleepingcomputer.com·Dec 12, 2023

50K WordPress sites exposed to RCE attacks by critical bug in backup plugin

Can't Be Contained: Finding a Command Injection Vulnerability in Kubernetes

Akamai researchers discover a critical vulnerability in Kubernetes that can lead to remote code execution.

#akamai #EN #2023 #Kubernetes #command-injection #vulnerability #YAML #rce #remote-code-execution

·akamai.com·Sep 15, 2023

Can't Be Contained: Finding a Command Injection Vulnerability in Kubernetes

Attacks on Citrix NetScaler systems linked to ransomware actor

A threat actor believed to be tied to the FIN8 hacking group exploits the CVE-2023-3519 remote code execution flaw to compromise unpatched Citrix NetScaler systems in domain-wide attacks.

#bleepingcomputer #EN #2023 #CVE-2023-3519 #Citrix #FIN8 #Citrix-ADC #Citrix-Gateway #Code-Injection #Ransomware #Remote-Code-Execution

·bleepingcomputer.com·Aug 29, 2023

Attacks on Citrix NetScaler systems linked to ransomware actor

Cisco discloses high-severity IP phone zero-day with exploit code

Cisco has disclosed today a high-severity zero-day vulnerability affecting the latest generation of its IP phones and exposing them to remote code execution and denial of service (DoS) attacks.

#bleepingcomputer #EN #2022 #Cisco #Denial-of-Service #DoS #RCE #Remote-Code-Execution #Zero-Day #CVE-2022-20968

·bleepingcomputer.com·Dec 12, 2022

Cisco discloses high-severity IP phone zero-day with exploit code

Exploit released for actively abused ProxyNotShell Exchange bug

Proof-of-concept exploit code has been released online for two actively exploited and high-severity vulnerabilities in Microsoft Exchange, collectively known as ProxyNotShell.

#bleepingcomputer #EN #2022 #CVE-2022-41082 #CVE-2022-41040 #Exploit #Microsoft-Exchange #Privilege-Escalation #Proof-of-Concept #ProxyNotShell #RCE #Remote-Code-Execution

·bleepingcomputer.com·Nov 21, 2022

Exploit released for actively abused ProxyNotShell Exchange bug

Cisco discloses high-severity IP phone zero-day with exploit code

Cisco has disclosed today a high-severity zero-day vulnerability affecting the latest generation of its IP phones and exposing them to remote code execution and denial of service (DoS) attacks.

#bleepingcomputer #EN #2022 #Cisco #Denial-of-Service #DoS #RCE #Remote-Code-Execution #Zero-Day #CVE-2022-20968

·bleepingcomputer.com·Dec 12, 2022

Cisco discloses high-severity IP phone zero-day with exploit code

Exploit released for actively abused ProxyNotShell Exchange bug

Proof-of-concept exploit code has been released online for two actively exploited and high-severity vulnerabilities in Microsoft Exchange, collectively known as ProxyNotShell.

#bleepingcomputer #EN #2022 #CVE-2022-41082 #CVE-2022-41040 #Exploit #Microsoft-Exchange #Privilege-Escalation #Proof-of-Concept #ProxyNotShell #RCE #Remote-Code-Execution

·bleepingcomputer.com·Nov 21, 2022

Exploit released for actively abused ProxyNotShell Exchange bug