❌ Ultimate Member Plugin for WordPress Allows Site Takeover ❌
via "Threat Post".
Three critical security bugs allow for easy privilege escalation to an administrator role.
🛠 OATH Toolkit 2.6.3 🛠
via "Packet Storm Security".
OATH Toolkit attempts to collect several tools that are useful when deploying technologies related to OATH, such as HOTP one-time passwords. It is a fork of the earlier HOTP Toolkit.
‼ CVE-2020-23136 ‼
via "National Vulnerability Database".
Microweber v1.1.18 is affected by no session expiry after log-out.
‼ CVE-2020-23138 ‼
via "National Vulnerability Database".
An unrestricted file upload vulnerability was discovered in the Microweber 1.1.18 admin account page. An attacker can upload PHP code or any extension (e.g., .exe) to the web server by providing image data and the image/jpeg content type with a .php extension.
‼ CVE-2020-23140 ‼
via "National Vulnerability Database".
Microweber 1.1.18 is affected by insufficient session expiration. When changing passwords, both sessions for when a user changes email and old sessions in any other browser or device, the session does not expire and remains active.
‼ CVE-2020-23139 ‼
via "National Vulnerability Database".
Microweber 1.1.18 is affected by broken authentication and session management. Local session hijacking may occur, which could result in unauthorized access to system data or functionality, or a complete system compromise.
‼ CVE-2020-14366 ‼
via "National Vulnerability Database".
A vulnerability was found in Keycloak, where path traversal using URL-encoded path segments in the request is possible because the resources endpoint applies a transformation of the URL path to the file path. Only a few specific folder hierarchies can be exposed by this flaw.
❌ Cyberattack on UVM Health Network Impedes Chemotherapy Appointments ❌
via "Threat Post".
The cyberattack has halted chemotherapy, mammogram and screening appointments, and led to 300 staff being furloughed or reassigned.
❌ Trump Site Alleging AZ Election Fraud Exposes Voter Data ❌
via "Threat Post".
Slapdash setup of Trump website collecting reports of Maricopa County in-person vote irregularities exposed 163,000 voter data records to fraud, via SQL injection.
🕴 Data Privacy Gets Solid Upgrade With Early Adopters 🕴
via "Dark Reading".
The United Kingdom and the regional government of Flanders kick off four pilots of the Solid data-privacy technology from World Wide Web inventor Tim Berners-Lee, which gives users more control of their data.
🦿 How to securely donate old Windows 10 PCs 🦿
via "Tech Republic".
Many are looking to donate their spare computing devices to people who need them but can't afford to get them on their own. There is a safe and data-secure way to make your donation.
🔏 CPRA Set to Revamp Privacy Laws in California Yet Again 🔏
via "Digital Guardian".
Voters in California passed new data privacy legislation, the California Privacy Rights Act - building off the California Consumer Privacy Act - last week.
‼ CVE-2020-27977 ‼
via "National Vulnerability Database".
CapaSystems CapaInstaller before 6.0.101 does not properly assign, modify, or check privileges for an actor who attempts to edit registry values, allowing an attacker to escalate privileges.
‼ CVE-2020-26542 ‼
via "National Vulnerability Database".
An issue was discovered in the MongoDB Simple LDAP plugin through 2020-10-02 for Percona Server. When used to authenticate against Microsoft Active Directory, it suffers from an authentication validation issue whereby a blank password can be used to authenticate with the service successfully.
🕴 FTC Announces Consent Agreement With Zoom 🕴
via "Dark Reading".
The agreement covers Zoom's misleading statements on security for its audio and video calling.
🦿 Top 5 things to do with old gadgets 🦿
via "Tech Republic".
If you're wondering what to do with devices you don't use anymore, Tom Merritt offers five suggestions for how to deal with them.
🕴 New Brazilian Banking Trojan Targets Mobile Users in Multiple Countries 🕴
via "Dark Reading".
Ghimob is a full-fledged spy in your pocket, Kaspersky says.
‼ CVE-2020-14188 ‼
via "National Vulnerability Database".
The preprocessArgs function in the Atlassian gajira-create GitHub Action before version 2.0.1 allows remote attackers to execute arbitrary code in the context of a GitHub runner by creating a specially crafted GitHub issue.
‼ CVE-2020-28364 ‼
via "National Vulnerability Database".
A stored cross-site scripting (XSS) vulnerability affects the Web UI in Locust before 1.3.2, if the installation violates the usage expectations by exposing this UI to outside users.
‼ CVE-2020-4651 ‼
via "National Vulnerability Database".
IBM Maximo Spatial Asset Management 7.6.0.3, 7.6.0.4, 7.6.0.5, and 7.6.1.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 186024.
‼ CVE-2020-28371 ‼
via "National Vulnerability Database".
** UNSUPPORTED WHEN ASSIGNED ** An issue was discovered in ReadyTalk Avian 1.2.0 before 2020-10-27. The FileOutputStream.write() method in FileOutputStream.java has a boundary check to prevent out-of-bounds memory read/write operations. However, an integer overflow leads to bypassing this check and achieving the out-of-bounds access. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.