ATENTIONβΌ New - CVE-2019-12014
π Read
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2019-12013
π Read
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none.π Read
via "National Vulnerability Database".
β Apple Pays $100K Bounty for Critical βSign in With Appleβ Flaw β
π Read
via "Threatpost".
Apple has fixed a critical flaw in its Sign in with Apple feature, which could have been abused by attackers to takeover victims' third-party applications.π Read
via "Threatpost".
Threat Post
Apple Pays $100K Bounty for Critical βSign in With Appleβ Flaw
Apple has fixed a critical flaw in its Sign in with Apple feature, which could have been abused by attackers to takeover victims' third-party applications.
π SQLMAP - Automatic SQL Injection Tool 1.4.6 π
π Go!
via "Security Tool Files β Packet Storm".
sqlmap is an open source command-line automatic SQL injection tool. Its goal is to detect and take advantage of SQL injection vulnerabilities in web applications. Once it detects one or more SQL injections on the target host, the user can choose among a variety of options to perform an extensive back-end database management system fingerprint, retrieve DBMS session user and database, enumerate users, password hashes, privileges, databases, dump entire or user's specified DBMS tables/columns, run his own SQL statement, read or write either text or binary files on the file system, execute arbitrary commands on the operating system, establish an out-of-band stateful connection between the attacker box and the database server via Metasploit payload stager, database stored procedure buffer overflow exploitation or SMB relay attack and more.π Go!
via "Security Tool Files β Packet Storm".
Packetstormsecurity
SQLMAP - Automatic SQL Injection Tool 1.4.6 β Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
ATENTIONβΌ New - CVE-2019-12012
π Read
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2019-12011
π Read
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2019-12010
π Read
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2019-12009
π Read
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2019-12008
π Read
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2019-12007
π Read
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2019-12006
π Read
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2019-12005
π Read
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2019-12004
π Read
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2019-12003
π Read
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none.π Read
via "National Vulnerability Database".
π΄ Rare NSA Advisory About Russia-Based Cyberattacks Unlikely to Stop Them π΄
π Read
via "Dark Reading: ".
The Sandworm group -- behind disinformation and election-hacking campaigns and responsible for a 2016 power outage in the Ukraine -- is now targeting e-mail servers.π Read
via "Dark Reading: ".
Dark Reading
Rare NSA Advisory About Russia-Based Cyberattacks Unlikely to Stop Them
The Sandworm group -- behind disinformation and election-hacking campaigns and responsible for a 2016 power outage in the Ukraine -- is now targeting e-mail servers.
ATENTIONβΌ New - CVE-2014-9702
π Read
via "National Vulnerability Database".
system/classes/DbPDO.php in Cmfive through 2015-03-15, when database connectivity malfunctions, allows remote attackers to obtain sensitive information (username and password) via any request, such as a password reset request.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2014-8945
π Read
via "National Vulnerability Database".
admin.php?page=projects in Lexiglot through 2014-11-20 allows command injection via username and password fields.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2014-8944
π Read
via "National Vulnerability Database".
Lexiglot through 2014-11-20 allows XSS (Reflected) via the username, or XSS (Stored) via the admin.php?page=config install_name, intro_message, or new_file_content parameter.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2014-8943
π Read
via "National Vulnerability Database".
Lexiglot through 2014-11-20 allows SSRF via the admin.php?page=projects svn_url parameter.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2014-8942
π Read
via "National Vulnerability Database".
Lexiglot through 2014-11-20 allows CSRF.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2014-8941
π Read
via "National Vulnerability Database".
Lexiglot through 2014-11-20 allows SQL injection via an admin.php?page=users&from_id= or admin.php?page=history&limit= URI.π Read
via "National Vulnerability Database".