Security
Headlines
HeadlinesLatestCVEs

Tag

#intel

CVE-2023-22844: TALOS-2023-1700 || Cisco Talos Intelligence Group

An authentication bypass vulnerability exists in the requestHandlers.js verifyToken functionality of Milesight VPN v2.0.2. A specially-crafted network request can lead to authentication bypass. An attacker can send a network request to trigger this vulnerability.

CVE
Open in Source
#vulnerability#web#cisco#js#intel#auth
CVE-2023-22365: TALOS-2023-1711 || Cisco Talos Intelligence Group

An OS command injection vulnerability exists in the ys_thirdparty check_system_user functionality of Milesight UR32L v32.3.0.5. A specially crafted set of network packets can lead to command execution. An attacker can send a network request to trigger this vulnerability.

CVE-2023-22306: TALOS-2023-1698 || Cisco Talos Intelligence Group

An OS command injection vulnerability exists in the libzebra.so bridge_group functionality of Milesight UR32L v32.3.0.5. A specially crafted network packet can lead to command execution. An attacker can send a sequence of requests to trigger this vulnerability.

CVE-2023-22371: TALOS-2023-1703 || Cisco Talos Intelligence Group

An os command injection vulnerability exists in the liburvpn.so create_private_key functionality of Milesight VPN v2.0.2. A specially-crafted network request can lead to command execution. An attacker can send a malicious packet to trigger this vulnerability.

CVE-2023-24595: TALOS-2023-1713 || Cisco Talos Intelligence Group

An OS command injection vulnerability exists in the ys_thirdparty system_user_script functionality of Milesight UR32L v32.3.0.5. A specially crafted series of network requests can lead to command execution. An attacker can send a sequence of requests to trigger this vulnerability.

CVE-2023-25124: TALOS-2023-1716 || Cisco Talos Intelligence Group

Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to a buffer overflow. An attacker can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the set_openvpn_client function with the remote_subnet and the remote_mask variables.

CVE-2023-24018: TALOS-2023-1715 || Cisco Talos Intelligence Group

A stack-based buffer overflow vulnerability exists in the libzebra.so.0.0.0 security_decrypt_password functionality of Milesight UR32L v32.3.0.5. A specially crafted HTTP request can lead to a buffer overflow. An authenticated attacker can send an HTTP request to trigger this vulnerability.

Google Searches for 'USPS Package Tracking' Lead to Banking Theft

Attackers are leveraging well-executed brand impersonation in a Google ads malvertising effort that collects both credit card and bank details from victims.

6 Steps To Outsmart Business Email Compromise Scammers

Email fraud is a confidence game that costs the economy billions. An effective defense takes technology and vigilance.

The growth of commercial spyware based intelligence providers without legal or ethical supervision

Commercial spyware has become so notorious that international governments are taking notice and action against it, as evidenced by the Biden administration’s recent Executive Order on commercial spyware.