‼ CVE-2020-24719 ‼
📖 Read
via "National Vulnerability Database".
Exposed Erlang Cookie could lead to Remote Command Execution (RCE) attack. Communication between Erlang nodes is done by exchanging a shared secret (aka "magic cookie"). There are cases where the magic cookie is included in the content of the logs. An attacker can use the cookie to attach to an Erlang node and run OS level commands on the system running the Erlang node. Affects version: 6.5.1. Fix version: 6.6.0.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-17494 ‼
📖 Read
via "National Vulnerability Database".
Untangle Firewall NG before 16.0 uses MD5 for passwords.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-7033 ‼
📖 Read
via "National Vulnerability Database".
A Cross Site Scripting (XSS) Vulnerability on the Unified Portal Client (web client) used in Avaya Equinox Conferencing can allow an authenticated user to perform XSS attacks. The affected versions of Equinox Conferencing includes all 9.x versions before 9.1.10.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-7032 ‼
📖 Read
via "National Vulnerability Database".
An XML external entity (XXE) vulnerability in Avaya WebLM admin interface allows authenticated users to read arbitrary files or conduct server-side request forgery (SSRF) attacks via a crafted DTD in an XML request. Affected versions of Avaya WebLM include: 7.0 through 7.1.3.6 and 8.0 through 8.1.2.📖 Read
via "National Vulnerability Database".
🦿 How to temporarily mitigate SAD DNS for Linux servers and desktops 🦿
📖 Read
via "Tech Republic".
Jack Wallen walks you through the process of putting in place a temporary fix against SAD DNS for your Linux servers and desktops.📖 Read
via "Tech Republic".
TechRepublic
SAD DNS cache poisoning: A temporary fix for Linux servers and desktops
Jack Wallen walks you through the process of putting in place a temporary fix against SAD DNS for your Linux servers and desktops.
🛠 TOR Virtual Network Tunneling Tool 0.4.4.6 🛠
📖 Read
via "Packet Storm Security".
Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. It provides the foundation for a range of applications that allow organizations and individuals to share information over public networks without compromising their privacy. Individuals can use it to keep remote Websites from tracking them and their family members. They can also use it to connect to resources such as news sites or instant messaging services that are blocked by their local Internet service providers (ISPs).📖 Read
via "Packet Storm Security".
Packetstormsecurity
TOR Virtual Network Tunneling Tool 0.4.4.6 ≈ Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
❌ Ticketmaster Scores Hefty Fine Over 2018 Data Breach ❌
📖 Read
via "Threat Post".
The events giant faces a GDPR-related penalty in the U.K., and more could follow.📖 Read
via "Threat Post".
Threat Post
Ticketmaster Scores Hefty Fine Over 2018 Data Breach
The events giant faces a GDPR-related penalty in the U.K., and more could follow.
🦿 4 phishing scams to watch out for during the holidays 🦿
📖 Read
via "Tech Republic".
Fake shipping notices and charity frauds are two scams cited by the security company GreatHorn, which offers tips to consumers on how to avoid them.📖 Read
via "Tech Republic".
TechRepublic
4 phishing scams to watch out for during the holidays
Fake shipping notices and charity frauds are two scams cited by the security company GreatHorn, which offers tips to consumers on how to avoid them.
🔏 Friday Five 11/13 🔏
📖 Read
via "Digital Guardian".
Cyber Command trolling, end-to-end encryption debates, and stolen source code - catch up on all the week's infosec news with the Friday Five!📖 Read
via "Digital Guardian".
Digital Guardian
Friday Five 11/13
Cyber Command trolling, end-to-end encryption debates, and stolen source code - catch up on all the week's infosec news with the Friday Five!
‼ CVE-2020-6148 ‼
📖 Read
via "National Vulnerability Database".
A heap overflow vulnerability exists in Pixar OpenUSD 20.05 when the software parses compressed sections in binary USD files. An instance exists in USDC file format FIELDSETS section decompression heap overflow.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-8583 ‼
📖 Read
via "National Vulnerability Database".
Element Software versions prior to 12.2 and HCI versions prior to 1.8P1 are susceptible to a vulnerability which could allow an attacker to discover sensitive information by intercepting its transmission within an https session.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-25538 ‼
📖 Read
via "National Vulnerability Database".
An authenticated attacker can inject malicious code into "lang" parameter in /uno/central.php file in CMSuno 1.6.2 and run this PHP code in the web page. In this way, attacker can takeover the control of the server.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-25165 ‼
📖 Read
via "National Vulnerability Database".
BD Alaris PC Unit, Model 8015, Versions 9.33.1 and earlier and BD Alaris Systems Manager, Versions 4.33 and earlier The affected products are vulnerable to a network session authentication vulnerability within the authentication process between specified versions of the BD Alaris PC Unit and the BD Alaris Systems Manager. If exploited, an attacker could perform a denial-of-service attack on the BD Alaris PC Unit by modifying the configuration headers of data in transit. A denial-of-service attack could lead to a drop in the wireless capability of the BD Alaris PC Unit, resulting in manual operation of the PC Unit.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-6156 ‼
📖 Read
via "National Vulnerability Database".
A heap overflow vulnerability exists in Pixar OpenUSD 20.05 when the software parses compressed sections in binary USD files. To trigger this vulnerability, the victim needs to open an attacker-provided malformed file in an instance USDC file format path element token index.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-1847 ‼
📖 Read
via "National Vulnerability Database".
There is a denial of service vulnerability in some Huawei products. There is no protection against the attack scenario of specific protocol. A remote, unauthorized attackers can construct attack scenarios, which leads to denial of service.Affected product versions include:NIP6300 versions V500R001C30,V500R001C60;NIP6600 versions V500R001C30,V500R001C60;Secospace USG6300 versions V500R001C30,V500R001C60;Secospace USG6500 versions V500R001C30,V500R001C60;Secospace USG6600 versions V500R001C30,V500R001C60;USG9500 versions V500R001C30,V500R001C60.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-4886 ‼
📖 Read
via "National Vulnerability Database".
IBM InfoSphere Information Server 11.7 stores sensitive information in the browser's history that could be obtained by a user who has access to the same system. IBM X-Force ID: 190910.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-26222 ‼
📖 Read
via "National Vulnerability Database".
Dependabot is a set of packages for automated dependency management for Ruby, JavaScript, Python, PHP, Elixir, Rust, Java, .NET, Elm and Go. In Dependabot-Core from version 0.119.0.beta1 before version 0.125.1, there is a remote code execution vulnerability in dependabot-common and dependabot-go_modules when a source branch name contains malicious injectable bash code. For example, if Dependabot is configured to use the following source branch name: "/$({curl,127.0.0.1})", Dependabot will make a HTTP request to the following URL: 127.0.0.1 when cloning the source repository. The fix was applied to version 0.125.1. As a workaround, one can escape the branch name prior to passing it to the Dependabot::Source class.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-25151 ‼
📖 Read
via "National Vulnerability Database".
The affected product does not properly validate input, which may allow an attacker to execute a denial-of-service attack on the NIO 50 (all versions).📖 Read
via "National Vulnerability Database".
‼ CVE-2020-25557 ‼
📖 Read
via "National Vulnerability Database".
In CMSuno 1.6.2, an attacker can inject malicious PHP code as a "username" while changing his/her username & password. After that, when attacker logs in to the application, attacker's code will be run. As a result of this vulnerability, authenticated user can run command on the server.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-21667 ‼
📖 Read
via "National Vulnerability Database".
In fastadmin-tp6 v1.0, in the file app/admin/controller/Ajax.php the 'table' parameter passed is not filtered so a malicious parameter can be passed for SQL injection.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-6147 ‼
📖 Read
via "National Vulnerability Database".
A heap overflow vulnerability exists in Pixar OpenUSD 20.05 when the software parses compressed sections in binary USD files. This instance exists in the USDC file format FIELDS section decompression heap overflow.📖 Read
via "National Vulnerability Database".