βΌ CVE-2020-25210 βΌ
π Read
via "National Vulnerability Database".
In JetBrains YouTrack before 2020.3.7955, an attacker could access workflow rules without appropriate access grants.π Read
via "National Vulnerability Database".
βΌ CVE-2020-27191 βΌ
π Read
via "National Vulnerability Database".
LionWiki before 3.2.12 allows an unauthenticated user to read files as the web server user via crafted string in the index.php f1 variable, aka Local File Inclusion. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.π Read
via "National Vulnerability Database".
βΌ CVE-2020-27628 βΌ
π Read
via "National Vulnerability Database".
In JetBrains TeamCity before 2020.1.5, the Guest user had access to audit records.π Read
via "National Vulnerability Database".
β Naked Security Live β Donβt get hoaxed (pass it on)! β
π Read
via "Naked Security".
Here's the latest Naked Security Live video - enjoy (and please share with your friends)!π Read
via "Naked Security".
Naked Security
Naked Security Live β Donβt get hoaxed (pass it on)!
Hereβs the latest Naked Security Live video β enjoy (and please share with your friends)!
β Hacked Security Software Used in Novel South Korean Supply-Chain Attack β
π Read
via "Threat Post".
Lazarus Group is believed to be behind a spate of attacks that leverage stolen digital certificates tied to browser software that secures communication with government and financial websites in South Korea.π Read
via "Threat Post".
Threat Post
Hacked Security Software Used in Novel South Korean Supply-Chain Attack
Lazarus Group is believed to be behind a spate of attacks that leverage stolen digital certificates tied to browser software that secures communication with government and financial websites in South Korea.
π΄ Zoom Debuts New Tools to Fight Meeting Disruptions π΄
π Read
via "Dark Reading".
Two new capabilities in version 5.4.3 let hosts and co-hosts pause Zoom meetings to remove and report disruptive attendees.π Read
via "Dark Reading".
Dark Reading
Zoom Debuts New Tools to Fight Meeting Disruptions
Two new capabilities in version 5.4.3 let hosts and co-hosts pause Zoom meetings to remove and report disruptive attendees.
βΌ CVE-2020-27988 βΌ
π Read
via "National Vulnerability Database".
Nagios XI before 5.7.5 is vulnerable to XSS in Manage Users (Username field).π Read
via "National Vulnerability Database".
βΌ CVE-2020-4665 βΌ
π Read
via "National Vulnerability Database".
IBM Sterling File Gateway 2.2.0.0 through 2.2.6.5 and 6.0.0.0 through 6.0.3.2 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 186280.π Read
via "National Vulnerability Database".
βΌ CVE-2020-27990 βΌ
π Read
via "National Vulnerability Database".
Nagios XI before 5.7.5 is vulnerable to XSS in the Deployment tool (add agent).π Read
via "National Vulnerability Database".
βΌ CVE-2020-23490 βΌ
π Read
via "National Vulnerability Database".
There was a local file disclosure vulnerability in AVideo < 8.9 via the proxy streaming. An unauthenticated attacker can exploit this issue to read an arbitrary file on the server. Which could leak database credentials or other sensitive information such as /etc/passwd file.π Read
via "National Vulnerability Database".
βΌ CVE-2020-4672 βΌ
π Read
via "National Vulnerability Database".
IBM Business Automation Workflow 20.0.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 186285.π Read
via "National Vulnerability Database".
βΌ CVE-2020-4647 βΌ
π Read
via "National Vulnerability Database".
IBM Sterling File Gateway 2.2.0.0 through 2.2.6.5 and 6.0.0.0 through 6.0.3.2 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database.π Read
via "National Vulnerability Database".
βΌ CVE-2020-4671 βΌ
π Read
via "National Vulnerability Database".
IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.2 and 5.2.0.0 through 5.2.6.5 stores potentially sensitive information in log files that could be read by an authenticatedl user. IBM X-Force ID: 186284.π Read
via "National Vulnerability Database".
βΌ CVE-2020-4763 βΌ
π Read
via "National Vulnerability Database".
IBM Sterling File Gateway 6.0.0.0 through 6.0.3.2 and 2.2.0.0 through 2.2.6.5 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 188897.π Read
via "National Vulnerability Database".
βΌ CVE-2020-4655 βΌ
π Read
via "National Vulnerability Database".
IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.2 and 5.2.0.0 through 5.2.6.5 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 186091.π Read
via "National Vulnerability Database".
βΌ CVE-2020-4700 βΌ
π Read
via "National Vulnerability Database".
IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.2 and 5.2.0.0 through 5.2.6.5 could allow an authenticated user belonging to a specific user group to create a user or group with administrative privileges. IBM X-Force ID: 187077.π Read
via "National Vulnerability Database".
βΌ CVE-2020-4705 βΌ
π Read
via "National Vulnerability Database".
IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.2 and 5.2.0.0 through 5.2.6.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 187190.π Read
via "National Vulnerability Database".
βΌ CVE-2020-4476 βΌ
π Read
via "National Vulnerability Database".
IBM Sterling File Gateway 2.2.0.0 through 2.2.6.5 and 6.0.0.0 through 6.0.3.2 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 181778.π Read
via "National Vulnerability Database".
βΌ CVE-2020-4475 βΌ
π Read
via "National Vulnerability Database".
IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 5.2.6.5 and 6.0.0.0 through 6.0.3.2 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system.π Read
via "National Vulnerability Database".
βΌ CVE-2020-23489 βΌ
π Read
via "National Vulnerability Database".
The import.json.php file before 8.9 for Avideo is vulnerable to a File Deletion vulnerability. This allows the deletion of configuration.php, which leads to certain privilege checks not being in place, and therefore a user can escalate privileges to admin.π Read
via "National Vulnerability Database".
βΌ CVE-2020-27991 βΌ
π Read
via "National Vulnerability Database".
Nagios XI before 5.7.5 is vulnerable to XSS in Account Information (Email field).π Read
via "National Vulnerability Database".