‼ CVE-2020-27481 ‼
📖 Read
via "National Vulnerability Database".
An unauthenticated SQL Injection vulnerability in Good Layers LMS Plugin <= 2.1.4 exists due to the usage of "wp_ajax_nopriv" call in WordPress, which allows any unauthenticated user to get access to the function "gdlr_lms_cancel_booking" where POST Parameter "id" was sent straight into SQL query without sanitization.📖 Read
via "National Vulnerability Database".
🛠 Sifter 11 🛠
📖 Read
via "Packet Storm Security".
Sifter is a osint, recon, and vulnerability scanner. It combines a plethora of tools within different module sets in order to quickly perform recon tasks, check network firewalling, enumerate remote and local hosts, and scan for the blue vulnerabilities within Microsoft systems and if unpatched, exploits them.📖 Read
via "Packet Storm Security".
Packetstormsecurity
Sifter 11 ≈ Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
🛠 OATH Toolkit 2.6.4 🛠
📖 Read
via "Packet Storm Security".
OATH Toolkit attempts to collect several tools that are useful when deploying technologies related to OATH, such as HOTP one-time passwords. It is a fork of the earlier HOTP Toolkit.📖 Read
via "Packet Storm Security".
Packetstormsecurity
OATH Toolkit 2.6.4 ≈ Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
❌ Bugs in Critical Infrastructure Gear Allow Sophisticated Cyberattacks ❌
📖 Read
via "Threat Post".
Security problems in Schneider Electric programmable logic controllers allow compromise of the hardware, responsible for physical plant operations.📖 Read
via "Threat Post".
Threat Post
Bugs in Critical Infrastructure Gear Allow Sophisticated Cyberattacks
Security problems in Schneider Electric programmable logic controllers allow compromise of the hardware, responsible for physical plant operations.
‼ CVE-2020-24443 ‼
📖 Read
via "National Vulnerability Database".
Adobe Connect version 11.0 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-24442 ‼
📖 Read
via "National Vulnerability Database".
Adobe Connect version 11.0 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-24441 ‼
📖 Read
via "National Vulnerability Database".
Adobe Acrobat Reader for Android version 20.6.2 (and earlier) does not properly restrict access to directories created by the application. This could result in disclosure of sensitive information stored in databases used by the application. Exploitation requires a victim to download and run a malicious application.📖 Read
via "National Vulnerability Database".
❌ Digging into the Dark Web: How Security Researchers Learn to Think Like the Bad Guys ❌
📖 Read
via "Threat Post".
Hacker forums are a rich source of threat intelligence.📖 Read
via "Threat Post".
Threat Post
Digging into the Dark Web: How Security Researchers Learn to Think Like the Bad Guys
Fortinet's Aamir Lakhani discusses hacker forums as a rich source of threat intelligence.
🕴 DARPA and Academia Jumpstart 5G IoT Security Efforts 🕴
📖 Read
via "Dark Reading".
With 5G IoT devices projected to hit 49 million units by 2023, researchers launch programs to keep IoT from becoming a blackhole of exfiltration.📖 Read
via "Dark Reading".
Dark Reading
DARPA and Academia Jumpstart 5G IoT Security Efforts
With 5G IoT devices projected to hit 49 million units by 2023, researchers launch programs to keep IoT from becoming a blackhole of exfiltration.
‼ CVE-2020-0588 ‼
📖 Read
via "National Vulnerability Database".
Improper conditions check in BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-8766 ‼
📖 Read
via "National Vulnerability Database".
Improper conditions check in the Intel(R) SGX DCAP software before version 1.6 may allow an unauthenticated user to potentially enable denial of service via adjacent access.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-12310 ‼
📖 Read
via "National Vulnerability Database".
Insufficient control flow managementin firmware in some Intel(R) Client SSDs and some Intel(R) Data Center SSDs may allow an unauthenticated user to potentially enable information disclosure via physical access.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-28271 ‼
📖 Read
via "National Vulnerability Database".
Prototype pollution vulnerability in 'deephas' versions 1.0.0 through 1.0.5 allows attacker to cause a denial of service and may lead to remote code execution.📖 Read
via "National Vulnerability Database".
‼ CVE-2019-11121 ‼
📖 Read
via "National Vulnerability Database".
Improper file permissions in the installer for the Intel(R) Media SDK for Windows before version 2019 R1 may allow an authenticated user to potentially enable escalation of privilege via local access.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-8738 ‼
📖 Read
via "National Vulnerability Database".
Improper conditions check in Intel BIOS platform sample code for some Intel(R) Processors before may allow a privileged user to potentially enable escalation of privilege via local access.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-8746 ‼
📖 Read
via "National Vulnerability Database".
Integer overflow in subsystem for Intel(R) AMT versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70 and 14.0.45 may allow an unauthenticated user to potentially enable denial of service via adjacent access.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-8751 ‼
📖 Read
via "National Vulnerability Database".
Insufficient control flow management in subsystem for Intel(R) CSME versions before 11.8.80, Intel(R) TXE versions before 3.1.80 may allow an unauthenticated user to potentially enable information disclosure via physical access.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-8692 ‼
📖 Read
via "National Vulnerability Database".
Insufficient access control in the firmware of the Intel(R) Ethernet 700 Series Controllers before version 7.3 may allow a privileged user to potentially enable escalation of privilege and/or denial of service via local access.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-8755 ‼
📖 Read
via "National Vulnerability Database".
Race condition in subsystem for Intel(R) CSME versions before 12.0.70 and 14.0.45, Intel(R) SPS versions before E5_04.01.04.400 and E3_05.01.04.200 may allow an unauthenticated user to potentially enable escalation of privilege via physical access.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-8739 ‼
📖 Read
via "National Vulnerability Database".
Use of potentially dangerous function in Intel BIOS platform sample code for some Intel(R) Processors may allow an authenticated user to potentially enable escalation of privilege via local access.📖 Read
via "National Vulnerability Database".