Microsoft publica el parche para el 0-day de MSHTML (CVE-2021-40444) - PARCHEA YA!
https://blog.segu-info.com.ar/2021/09/microsoft-publica-el-parche-para-el-0.html
https://blog.segu-info.com.ar/2021/09/microsoft-publica-el-parche-para-el-0.html
[Metasploit]Upgrade Normal Shell To Meterpreter Shell https://infosecwriteups.com/metasploit-upgrade-normal-shell-to-meterpreter-shell-2f09be895646?source=rss----7b722bfd1b8d---4
Medium
[Metasploit]Upgrade Normal Shell To Meterpreter Shell
After we got access to the machine, sometimes we get Meterpreter Shell immediately after exploitation. Meterpreter Shell offers the easiest…
Kali Linux 2021.3 introduce NetHunter para relojes inteligentes
https://www.linuxadictos.com/kali-linux-2021-3-introduce-algunas-novedades-pero-ninguna-llama-la-atencion-como-nethunter-para-relojes.html
https://www.linuxadictos.com/kali-linux-2021-3-introduce-algunas-novedades-pero-ninguna-llama-la-atencion-como-nethunter-para-relojes.html
Linux Adictos
Kali Linux 2021.3 introduce algunas novedades, pero ninguna llama la atención como NetHunter para relojes
Kali Linux 2021.3 ha llegado con cambios habituales y otros que no lo son tanto, como que NetHunter soporta ahora relojes inteligentes.
Múltiples vulnerabilidades en el core de Drupal
Fecha de publicación: 16/09/2021
Importancia: 3 - Media
Recursos afectados:
Drupal, versión 9.2, 9.1 y 8.9.
Las versiones de Drupal 8 anteriores a la 8.9.x y de Drupal 9 anteriores a la 9.1.x, se encuentran al final de su vida útil y ya no reciben cobertura de seguridad.
Descripción:
Se han publicado cinco vulnerabilidades de severidad media que podrían afectar al core de Drupal.
https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/multiples-vulnerabilidades-el-core-drupal-1
Fecha de publicación: 16/09/2021
Importancia: 3 - Media
Recursos afectados:
Drupal, versión 9.2, 9.1 y 8.9.
Las versiones de Drupal 8 anteriores a la 8.9.x y de Drupal 9 anteriores a la 9.1.x, se encuentran al final de su vida útil y ya no reciben cobertura de seguridad.
Descripción:
Se han publicado cinco vulnerabilidades de severidad media que podrían afectar al core de Drupal.
https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/multiples-vulnerabilidades-el-core-drupal-1
INCIBE-CERT
Múltiples vulnerabilidades en el core de Drupal
Se han publicado cinco vulnerabilidades de severidad media que podrían afectar al core de Drupal.
ExploitDB Just tweeted ****************************************** [webapps] ImpressCMS 1.4.2 - Remote Code Execution (RCE) (Authenticated) https://t.co/6Tw5vC67y5
Exploit Database
ImpressCMS 1.4.2 - Remote Code Execution (RCE) (Authenticated)
ImpressCMS 1.4.2 - Remote Code Execution (RCE) (Authenticated).. webapps exploit for PHP platform
Publicado el descifrador del ransomware REvil / Sodinokibi de forma gratuita. https://derechodelared.com/descifrador-del-ransomware-revil-gratis/
Derecho de la Red
Publicado el descifrador del ransomware REvil / Sodinokibi de forma gratuita.
Ha sido desarrollado por Bitdefender junto con un socio policial no revelado, la herramienta de descifrado se puede descargar del sitio web de Bitdefender de forma gratuita , junto con un tutorial …
Cisco IOS XR Software Arbitrary File Read and Write Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-scp-inject-QwZOCv2?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20IOS%20XR%20Software%20Arbitrary%20File%20Read%20and%20Write%20Vulnerability&vs_k=1
A vulnerability in the SSH Server process of Cisco IOS XR Software could allow an authenticated, remote attacker to overwrite and read arbitrary files on the local device.
This vulnerability is due to insufficient input validation of arguments that are supplied by the user for a specific file transfer method. An attacker with lower-level privileges could exploit this vulnerability by specifying Secure Copy Protocol (SCP) parameters when authenticating to a device. A successful exploit could allow the attacker to elevate their privileges and retrieve and upload files on a device that they should not have access to.
Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-scp-inject-QwZOCv2
This advisory is part of the September 2021 release of the Cisco IOS XR Software Security Advisory Bundled Publication. For a complete list of the advisories and links to them, see Cisco Event Response: September 2021 Cisco IOS XR Software Security Advisory Bundled Publication (https://tools.cisco.com/security/center/viewErp.x?alertId=ERP-74637).
Security Impact Rating: High
CVE: CVE-2021-34718
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-scp-inject-QwZOCv2?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20IOS%20XR%20Software%20Arbitrary%20File%20Read%20and%20Write%20Vulnerability&vs_k=1
A vulnerability in the SSH Server process of Cisco IOS XR Software could allow an authenticated, remote attacker to overwrite and read arbitrary files on the local device.
This vulnerability is due to insufficient input validation of arguments that are supplied by the user for a specific file transfer method. An attacker with lower-level privileges could exploit this vulnerability by specifying Secure Copy Protocol (SCP) parameters when authenticating to a device. A successful exploit could allow the attacker to elevate their privileges and retrieve and upload files on a device that they should not have access to.
Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-scp-inject-QwZOCv2
This advisory is part of the September 2021 release of the Cisco IOS XR Software Security Advisory Bundled Publication. For a complete list of the advisories and links to them, see Cisco Event Response: September 2021 Cisco IOS XR Software Security Advisory Bundled Publication (https://tools.cisco.com/security/center/viewErp.x?alertId=ERP-74637).
Security Impact Rating: High
CVE: CVE-2021-34718
Cisco
Cisco Security Advisory: Cisco IOS XR Software Arbitrary File Read and Write Vulnerability
A vulnerability in the SSH Server process of Cisco IOS XR Software could allow an authenticated, remote attacker to overwrite and read arbitrary files on the local device.
This vulnerability is due to insufficient input validation of arguments that are supplied…
This vulnerability is due to insufficient input validation of arguments that are supplied…
Microsoft lanzó el inicio de sesión sin contraseña
https://blog.segu-info.com.ar/2021/09/microsoft-lanzo-el-inicio-de-sesion-sin.html
https://blog.segu-info.com.ar/2021/09/microsoft-lanzo-el-inicio-de-sesion-sin.html
[webapps] AlphaWeb XE - File Upload Remote Code Execution (RCE) (Authenticated)
AlphaWeb XE - File Upload Remote Code Execution (RCE) (Authenticated)
https://www.exploit-db.com/exploits/50297
AlphaWeb XE - File Upload Remote Code Execution (RCE) (Authenticated)
https://www.exploit-db.com/exploits/50297
Exploit Database
AlphaWeb XE - File Upload Remote Code Execution (RCE) (Authenticated)
AlphaWeb XE - File Upload Remote Code Execution (RCE) (Authenticated).. webapps exploit for PHP platform
CVE-2021-26333: Vulnerabilidad crítica en chips de AMD permite fugas de información confidencial
https://www.iicybersecurity.com/cve-2021-26333-vulnerabilidad-critica-en-chips-de-amd-permite-fugas-de-informacion-confidencial.html
Los equipos de seguridad informática de AMD anunciaron la corrección de una vulnerabilidad que habría permitido a los actores de...
The post CVE-2021-26333: Vulnerabilidad crítica en chips de AMD permite fugas de información confidencial (https://www.iicybersecurity.com/cve-2021-26333-vulnerabilidad-critica-en-chips-de-amd-permite-fugas-de-informacion-confidencial.html) appeared first on IICS (https://www.iicybersecurity.com/).
https://www.iicybersecurity.com/cve-2021-26333-vulnerabilidad-critica-en-chips-de-amd-permite-fugas-de-informacion-confidencial.html
Los equipos de seguridad informática de AMD anunciaron la corrección de una vulnerabilidad que habría permitido a los actores de...
The post CVE-2021-26333: Vulnerabilidad crítica en chips de AMD permite fugas de información confidencial (https://www.iicybersecurity.com/cve-2021-26333-vulnerabilidad-critica-en-chips-de-amd-permite-fugas-de-informacion-confidencial.html) appeared first on IICS (https://www.iicybersecurity.com/).
IICS
CVE-2021-26333: Vulnerabilidad crítica en chips de AMD permite fugas de información confidencial | IICS
CVE-2021-26333: Vulnerabilidad crítica en chips de AMD permite fugas de información confidencial | Ciberseguridad
Open Management Infrastructure Remote Code Execution Vulnerability
CVE-2021-38647
Released: Sep 14, 2021 Last updated: Sep 17, 2021
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38647
CVE-2021-38647
Released: Sep 14, 2021 Last updated: Sep 17, 2021
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38647