[webapps] AlphaWeb XE - File Upload Remote Code Execution (RCE) (Authenticated)
AlphaWeb XE - File Upload Remote Code Execution (RCE) (Authenticated)
https://www.exploit-db.com/exploits/50297
AlphaWeb XE - File Upload Remote Code Execution (RCE) (Authenticated)
https://www.exploit-db.com/exploits/50297
Exploit Database
AlphaWeb XE - File Upload Remote Code Execution (RCE) (Authenticated)
AlphaWeb XE - File Upload Remote Code Execution (RCE) (Authenticated).. webapps exploit for PHP platform
CVE-2021-26333: Vulnerabilidad crítica en chips de AMD permite fugas de información confidencial
https://www.iicybersecurity.com/cve-2021-26333-vulnerabilidad-critica-en-chips-de-amd-permite-fugas-de-informacion-confidencial.html
Los equipos de seguridad informática de AMD anunciaron la corrección de una vulnerabilidad que habría permitido a los actores de...
The post CVE-2021-26333: Vulnerabilidad crítica en chips de AMD permite fugas de información confidencial (https://www.iicybersecurity.com/cve-2021-26333-vulnerabilidad-critica-en-chips-de-amd-permite-fugas-de-informacion-confidencial.html) appeared first on IICS (https://www.iicybersecurity.com/).
https://www.iicybersecurity.com/cve-2021-26333-vulnerabilidad-critica-en-chips-de-amd-permite-fugas-de-informacion-confidencial.html
Los equipos de seguridad informática de AMD anunciaron la corrección de una vulnerabilidad que habría permitido a los actores de...
The post CVE-2021-26333: Vulnerabilidad crítica en chips de AMD permite fugas de información confidencial (https://www.iicybersecurity.com/cve-2021-26333-vulnerabilidad-critica-en-chips-de-amd-permite-fugas-de-informacion-confidencial.html) appeared first on IICS (https://www.iicybersecurity.com/).
IICS
CVE-2021-26333: Vulnerabilidad crítica en chips de AMD permite fugas de información confidencial | IICS
CVE-2021-26333: Vulnerabilidad crítica en chips de AMD permite fugas de información confidencial | Ciberseguridad
Open Management Infrastructure Remote Code Execution Vulnerability
CVE-2021-38647
Released: Sep 14, 2021 Last updated: Sep 17, 2021
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38647
CVE-2021-38647
Released: Sep 14, 2021 Last updated: Sep 17, 2021
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38647
📃 "Ciberataques DrDoS basados en el protocolo CharGEN" https://www.incibe-cert.es/blog/ciberataques-drdos-basado-el-protocolo-chargen
CVE-2021-26333 AMD Chipset Driver flaw allows obtaining sensitive data
Chipmaker AMD has addressed a vulnerability in PSP driver, tracked as CVE-2021-26333, that could allow an attacker to obtain sensitive information from the targeted system.
https://securityaffairs.co/wordpress/122330/security/amd-driver-vulnerability.html
Chipmaker AMD has addressed a vulnerability in PSP driver, tracked as CVE-2021-26333, that could allow an attacker to obtain sensitive information from the targeted system.
https://securityaffairs.co/wordpress/122330/security/amd-driver-vulnerability.html
Security Affairs
CVE-2021-26333 AMD Chipset Driver flaw allows obtaining sensitive data
Chipmaker AMD has addressed a vulnerability in PSP driver, tracked as CVE-2021-26333, that could allow to access to sensitive information.
Múltiples vulnerabilidades en Moodle
Fecha de publicación: 21/09/2021
Importancia: 5 - Crítica
Recursos afectados:
Las versiones de Moodle que se ven afectadas son las siguientes:
de la 3.11 a la 3.11.2,
de la 3.10 a la 3.10.6,
de la 3.9 a la 3.9.9 y
versiones anteriores sin soporte.
Descripción:
Se han publicado cuatro vulnerabilidades de severidad crítica y otra de severidad baja que podrían permitir a un atacante realizar un secuestro de sesión o acceder a información confidencial.
https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/multiples-vulnerabilidades-moodle-16
Fecha de publicación: 21/09/2021
Importancia: 5 - Crítica
Recursos afectados:
Las versiones de Moodle que se ven afectadas son las siguientes:
de la 3.11 a la 3.11.2,
de la 3.10 a la 3.10.6,
de la 3.9 a la 3.9.9 y
versiones anteriores sin soporte.
Descripción:
Se han publicado cuatro vulnerabilidades de severidad crítica y otra de severidad baja que podrían permitir a un atacante realizar un secuestro de sesión o acceder a información confidencial.
https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/multiples-vulnerabilidades-moodle-16
INCIBE-CERT
Múltiples vulnerabilidades en Moodle
Se han publicado cuatro vulnerabilidades de severidad crítica y otra de severidad baja que podrían permitir a un atacante realizar un secuestro de sesión o acceder a información confidencial.
Infección de Ransomware a través de un exploit de 11 años en ColdFusion
https://blog.segu-info.com.ar/2021/09/infeccion-de-ransomware-traves-de-un.html
https://blog.segu-info.com.ar/2021/09/infeccion-de-ransomware-traves-de-un.html
Segu-Info - Ciberseguridad desde 2000
Infección de Ransomware a través de un exploit de 11 años en ColdFusion
¿Cuál es la diferencia entre VPS y VPN? ¿Qué es un VPS?
https://www.le-vpn.com/es/vps-vs-vpn-cual-es-la-diferencia/
https://www.le-vpn.com/es/vps-vs-vpn-cual-es-la-diferencia/
【 DIFERENCIAS entre VPS vs VPN 】¿Qué Hosting es mejor? ▷ 2021
https://internetpasoapaso.com/diferencias-entre-vps-y-vpn/
https://internetpasoapaso.com/diferencias-entre-vps-y-vpn/
Internet Paso a Paso
【 DIFERENCIAS entre VPS vs VPN 】¿Qué Hosting es mejor? ▷ 2022
ACTUALIZADO ✅ ¿Tienes dudas sobre que tipo de servidor web elegir y quieres saber las diferencias y semejanzas entre ellos? ⭐ ENTRA AQUÍ ⭐ y Descubre cual es mejor ✅ FÁCIL y RÁPIDO ✅
Zero-click RCE vulnerability in Hikvision security cameras could lead to network compromise.
https://portswigger.net/daily-swig/zero-click-rce-vulnerability-in-hikvision-security-cameras-could-lead-to-network-compromise
https://portswigger.net/daily-swig/zero-click-rce-vulnerability-in-hikvision-security-cameras-could-lead-to-network-compromise
portswigger.net
Web Application Security, Testing, & Scanning - PortSwigger
PortSwigger offers tools for web application security, testing, & scanning. Choose from a range of security tools, & identify the very latest vulnerabilities.
Microsoft Exchange Autodiscover bugs leak 100K Windows credentials
https://www.bleepingcomputer.com/news/microsoft/microsoft-exchange-autodiscover-bugs-leak-100k-windows-credentials/
https://www.bleepingcomputer.com/news/microsoft/microsoft-exchange-autodiscover-bugs-leak-100k-windows-credentials/
BleepingComputer
Microsoft Exchange Autodiscover bugs leak 100K Windows credentials
Bugs in the implementation of Microsoft Exchange's Autodiscover feature have leaked approximately 100,000 login names and passwords for Windows domains worldwide.
Cisco Aironet Access Points WLAN Control Protocol Packet Buffer Leak Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-airo-wpa-pktleak-dos-uSTyGrL?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20Aironet%20Access%20Points%20WLAN%20Control%20Protocol%20Packet%20Buffer%20Leak%20Denial%20of%20Service%20Vulnerability&vs_k=1
A vulnerability in the WLAN Control Protocol (WCP) implementation for Cisco Aironet Access Point (AP) software could allow an unauthenticated, adjacent attacker to cause a reload of an affected device, resulting in a denial of service (DoS) condition.
This vulnerability is due to incorrect error handling when an affected device receives an unexpected 802.11 frame. An attacker could exploit this vulnerability by sending certain 802.11 frames over the wireless network to an interface on an affected AP. A successful exploit could allow the attacker to cause a packet buffer leak. This could eventually result in buffer allocation failures, which would trigger a reload of the affected device.
Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-airo-wpa-pktleak-dos-uSTyGrL
Security Impact Rating: High
CVE: CVE-2021-34740
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-airo-wpa-pktleak-dos-uSTyGrL?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20Aironet%20Access%20Points%20WLAN%20Control%20Protocol%20Packet%20Buffer%20Leak%20Denial%20of%20Service%20Vulnerability&vs_k=1
A vulnerability in the WLAN Control Protocol (WCP) implementation for Cisco Aironet Access Point (AP) software could allow an unauthenticated, adjacent attacker to cause a reload of an affected device, resulting in a denial of service (DoS) condition.
This vulnerability is due to incorrect error handling when an affected device receives an unexpected 802.11 frame. An attacker could exploit this vulnerability by sending certain 802.11 frames over the wireless network to an interface on an affected AP. A successful exploit could allow the attacker to cause a packet buffer leak. This could eventually result in buffer allocation failures, which would trigger a reload of the affected device.
Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-airo-wpa-pktleak-dos-uSTyGrL
Security Impact Rating: High
CVE: CVE-2021-34740
Cisco
Cisco Security Advisory: Cisco Aironet Access Points WLAN Control Protocol Packet Buffer Leak Denial of Service Vulnerability
A vulnerability in the WLAN Control Protocol (WCP) implementation for Cisco Aironet Access Point (AP) software could allow an unauthenticated, adjacent attacker to cause a reload of an affected device, resulting in a denial of service (DoS) condition.
This…
This…