βΌ CVE-2020-13769 βΌ
π Read
via "National Vulnerability Database".
LDMS/alert_log.aspx in Ivanti Endpoint Manager through 2020.1 allows SQL Injection via a /remotecontrolauth/api/device request.π Read
via "National Vulnerability Database".
βΌ CVE-2020-27626 βΌ
π Read
via "National Vulnerability Database".
JetBrains YouTrack before 2020.3.5333 was vulnerable to SSRF.π Read
via "National Vulnerability Database".
βΌ CVE-2020-27423 βΌ
π Read
via "National Vulnerability Database".
Anuko Time Tracker v1.19.23.5311 lacks rate limit on the password reset module which allows attacker to perform Denial of Service attack on any legitimate user's mailboxπ Read
via "National Vulnerability Database".
βΌ CVE-2020-27622 βΌ
π Read
via "National Vulnerability Database".
In JetBrains IntelliJ IDEA before 2020.2, the built-in web server could expose information about the IDE version.π Read
via "National Vulnerability Database".
βΌ CVE-2020-26129 βΌ
π Read
via "National Vulnerability Database".
In JetBrains Ktor before 1.4.1, HTTP request smuggling was possible.π Read
via "National Vulnerability Database".
βΌ CVE-2020-25013 βΌ
π Read
via "National Vulnerability Database".
JetBrains ToolBox before version 1.18 is vulnerable to a Denial of Service attack via a browser protocol handler.π Read
via "National Vulnerability Database".
βΌ CVE-2020-27625 βΌ
π Read
via "National Vulnerability Database".
In JetBrains YouTrack before 2020.3.888, notifications might have mentioned inaccessible issues.π Read
via "National Vulnerability Database".
βΌ CVE-2020-27459 βΌ
π Read
via "National Vulnerability Database".
Chronoforeum 2.0.11 allows Stored XSS vulnerabilities when inserting a crafted payload into a post. If any user sees the post, the inserted XSS code is executed.π Read
via "National Vulnerability Database".
βΌ CVE-2020-13773 βΌ
π Read
via "National Vulnerability Database".
Ivanti Endpoint Manager through 2020.1.1 allows XSS via /LDMS/frm_splitfrm.aspx, /LDMS/licensecheck.aspx, /LDMS/frm_splitcollapse.aspx, /LDMS/alert_log.aspx, /LDMS/ServerList.aspx, /LDMS/frm_coremainfrm.aspx, /LDMS/frm_findfrm.aspx, /LDMS/frm_taskfrm.aspx, and /LDMS/query_browsecomp.aspx.π Read
via "National Vulnerability Database".
βΌ CVE-2020-24366 βΌ
π Read
via "National Vulnerability Database".
Sensitive information could be disclosed in the JetBrains YouTrack application before 2020.2.0 for Android via application backups.π Read
via "National Vulnerability Database".
βΌ CVE-2020-27623 βΌ
π Read
via "National Vulnerability Database".
JetBrains IdeaVim before version 0.58 might have caused an information leak in limited circumstances.π Read
via "National Vulnerability Database".
βΌ CVE-2020-25952 βΌ
π Read
via "National Vulnerability Database".
SQL injection vulnerability in PHPGurukul User Registration & Login and User Management System With admin panel 2.1 allows remote attackers to execute arbitrary SQL commands and bypass authentication.π Read
via "National Vulnerability Database".
βΌ CVE-2020-25210 βΌ
π Read
via "National Vulnerability Database".
In JetBrains YouTrack before 2020.3.7955, an attacker could access workflow rules without appropriate access grants.π Read
via "National Vulnerability Database".
βΌ CVE-2020-27191 βΌ
π Read
via "National Vulnerability Database".
LionWiki before 3.2.12 allows an unauthenticated user to read files as the web server user via crafted string in the index.php f1 variable, aka Local File Inclusion. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.π Read
via "National Vulnerability Database".
βΌ CVE-2020-27628 βΌ
π Read
via "National Vulnerability Database".
In JetBrains TeamCity before 2020.1.5, the Guest user had access to audit records.π Read
via "National Vulnerability Database".
β Naked Security Live β Donβt get hoaxed (pass it on)! β
π Read
via "Naked Security".
Here's the latest Naked Security Live video - enjoy (and please share with your friends)!π Read
via "Naked Security".
Naked Security
Naked Security Live β Donβt get hoaxed (pass it on)!
Hereβs the latest Naked Security Live video β enjoy (and please share with your friends)!
β Hacked Security Software Used in Novel South Korean Supply-Chain Attack β
π Read
via "Threat Post".
Lazarus Group is believed to be behind a spate of attacks that leverage stolen digital certificates tied to browser software that secures communication with government and financial websites in South Korea.π Read
via "Threat Post".
Threat Post
Hacked Security Software Used in Novel South Korean Supply-Chain Attack
Lazarus Group is believed to be behind a spate of attacks that leverage stolen digital certificates tied to browser software that secures communication with government and financial websites in South Korea.
π΄ Zoom Debuts New Tools to Fight Meeting Disruptions π΄
π Read
via "Dark Reading".
Two new capabilities in version 5.4.3 let hosts and co-hosts pause Zoom meetings to remove and report disruptive attendees.π Read
via "Dark Reading".
Dark Reading
Zoom Debuts New Tools to Fight Meeting Disruptions
Two new capabilities in version 5.4.3 let hosts and co-hosts pause Zoom meetings to remove and report disruptive attendees.
βΌ CVE-2020-27988 βΌ
π Read
via "National Vulnerability Database".
Nagios XI before 5.7.5 is vulnerable to XSS in Manage Users (Username field).π Read
via "National Vulnerability Database".
βΌ CVE-2020-4665 βΌ
π Read
via "National Vulnerability Database".
IBM Sterling File Gateway 2.2.0.0 through 2.2.6.5 and 6.0.0.0 through 6.0.3.2 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 186280.π Read
via "National Vulnerability Database".
βΌ CVE-2020-27990 βΌ
π Read
via "National Vulnerability Database".
Nagios XI before 5.7.5 is vulnerable to XSS in the Deployment tool (add agent).π Read
via "National Vulnerability Database".