A number of vulnerabilities have been discovered in Phoenix Contact industrial solutions that allow unauthorized…
With its help, attackers can take control of the server in order to intercept or interact with e-mails passing through it.
21Nails includes 11 vulnerabilities that require local access to the server to exploit, and 10 vulnerabilities that can be exploited remotely.
The problem affects all versions of Exim released in the last 17 years (since 2004).
Exim is a popular mail transfer agent (MTA) available for major Unix-like operating systems and pre-installed on Linux distributions such as Debian. According to a recent survey, about 60% of Internet servers are running Exim. A Shodan search reveals that nearly 4 million Exim servers are connected to the Internet.
To avoid possible cyberattacks, server owners are strongly advised to update them to version 4.94.
Previous vulnerabilities in Exim, disclosed in 2019-2020, were actively exploited by hacker groups, both financially motivated and working for the government.
However, more often than not, attackers exploited a vulnerability (CVE-2019-10149) known as Return of the WIZard.
Qualys researchers say they will not publish exploits for all 21Nails Exim vulnerabilities. However, the Exim command notification contains enough information to enable attackers to design effective exploits.
Let me also remind you of another rather sensational critical vulnerability: WSJ Says Microsoft Partners May Be Involved in Cyberattack on Exchange Servers.
News-bfopeci.info is a domain that tries to force you into subscribing to its browser notifications…
News-bfugaho.info is a site that tries to force you into clik to its browser notifications…
News-bganise.info is a domain that tries to trick you into clik to its browser notifications…
News-xhijupa.com is a domain that tries to trick you into subscribing to its browser notifications…
News-xnicini.cc is a domain that tries to trick you into subscribing to its browser notifications…
News-xpafema.cc is a site that tries to trick you into subscribing to its browser notifications…