β Naked Security Live β Donβt get hoaxed (pass it on)! β
π Read
via "Naked Security".
Here's the latest Naked Security Live video - enjoy (and please share with your friends)!π Read
via "Naked Security".
Naked Security
Naked Security Live β Donβt get hoaxed (pass it on)!
Hereβs the latest Naked Security Live video β enjoy (and please share with your friends)!
β Hacked Security Software Used in Novel South Korean Supply-Chain Attack β
π Read
via "Threat Post".
Lazarus Group is believed to be behind a spate of attacks that leverage stolen digital certificates tied to browser software that secures communication with government and financial websites in South Korea.π Read
via "Threat Post".
Threat Post
Hacked Security Software Used in Novel South Korean Supply-Chain Attack
Lazarus Group is believed to be behind a spate of attacks that leverage stolen digital certificates tied to browser software that secures communication with government and financial websites in South Korea.
π΄ Zoom Debuts New Tools to Fight Meeting Disruptions π΄
π Read
via "Dark Reading".
Two new capabilities in version 5.4.3 let hosts and co-hosts pause Zoom meetings to remove and report disruptive attendees.π Read
via "Dark Reading".
Dark Reading
Zoom Debuts New Tools to Fight Meeting Disruptions
Two new capabilities in version 5.4.3 let hosts and co-hosts pause Zoom meetings to remove and report disruptive attendees.
βΌ CVE-2020-27988 βΌ
π Read
via "National Vulnerability Database".
Nagios XI before 5.7.5 is vulnerable to XSS in Manage Users (Username field).π Read
via "National Vulnerability Database".
βΌ CVE-2020-4665 βΌ
π Read
via "National Vulnerability Database".
IBM Sterling File Gateway 2.2.0.0 through 2.2.6.5 and 6.0.0.0 through 6.0.3.2 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 186280.π Read
via "National Vulnerability Database".
βΌ CVE-2020-27990 βΌ
π Read
via "National Vulnerability Database".
Nagios XI before 5.7.5 is vulnerable to XSS in the Deployment tool (add agent).π Read
via "National Vulnerability Database".
βΌ CVE-2020-23490 βΌ
π Read
via "National Vulnerability Database".
There was a local file disclosure vulnerability in AVideo < 8.9 via the proxy streaming. An unauthenticated attacker can exploit this issue to read an arbitrary file on the server. Which could leak database credentials or other sensitive information such as /etc/passwd file.π Read
via "National Vulnerability Database".
βΌ CVE-2020-4672 βΌ
π Read
via "National Vulnerability Database".
IBM Business Automation Workflow 20.0.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 186285.π Read
via "National Vulnerability Database".
βΌ CVE-2020-4647 βΌ
π Read
via "National Vulnerability Database".
IBM Sterling File Gateway 2.2.0.0 through 2.2.6.5 and 6.0.0.0 through 6.0.3.2 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database.π Read
via "National Vulnerability Database".
βΌ CVE-2020-4671 βΌ
π Read
via "National Vulnerability Database".
IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.2 and 5.2.0.0 through 5.2.6.5 stores potentially sensitive information in log files that could be read by an authenticatedl user. IBM X-Force ID: 186284.π Read
via "National Vulnerability Database".
βΌ CVE-2020-4763 βΌ
π Read
via "National Vulnerability Database".
IBM Sterling File Gateway 6.0.0.0 through 6.0.3.2 and 2.2.0.0 through 2.2.6.5 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 188897.π Read
via "National Vulnerability Database".
βΌ CVE-2020-4655 βΌ
π Read
via "National Vulnerability Database".
IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.2 and 5.2.0.0 through 5.2.6.5 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 186091.π Read
via "National Vulnerability Database".
βΌ CVE-2020-4700 βΌ
π Read
via "National Vulnerability Database".
IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.2 and 5.2.0.0 through 5.2.6.5 could allow an authenticated user belonging to a specific user group to create a user or group with administrative privileges. IBM X-Force ID: 187077.π Read
via "National Vulnerability Database".
βΌ CVE-2020-4705 βΌ
π Read
via "National Vulnerability Database".
IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.2 and 5.2.0.0 through 5.2.6.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 187190.π Read
via "National Vulnerability Database".
βΌ CVE-2020-4476 βΌ
π Read
via "National Vulnerability Database".
IBM Sterling File Gateway 2.2.0.0 through 2.2.6.5 and 6.0.0.0 through 6.0.3.2 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 181778.π Read
via "National Vulnerability Database".
βΌ CVE-2020-4475 βΌ
π Read
via "National Vulnerability Database".
IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 5.2.6.5 and 6.0.0.0 through 6.0.3.2 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system.π Read
via "National Vulnerability Database".
βΌ CVE-2020-23489 βΌ
π Read
via "National Vulnerability Database".
The import.json.php file before 8.9 for Avideo is vulnerable to a File Deletion vulnerability. This allows the deletion of configuration.php, which leads to certain privilege checks not being in place, and therefore a user can escalate privileges to admin.π Read
via "National Vulnerability Database".
βΌ CVE-2020-27991 βΌ
π Read
via "National Vulnerability Database".
Nagios XI before 5.7.5 is vulnerable to XSS in Account Information (Email field).π Read
via "National Vulnerability Database".
βΌ CVE-2020-28723 βΌ
π Read
via "National Vulnerability Database".
Memory leak in IPv6Param::setAddress in CloudAvid PParam 1.3.1.π Read
via "National Vulnerability Database".
βΌ CVE-2020-27989 βΌ
π Read
via "National Vulnerability Database".
Nagios XI before 5.7.5 is vulnerable to XSS in Dashboard Tools (Edit Dashboard).π Read
via "National Vulnerability Database".
βΌ CVE-2020-4692 βΌ
π Read
via "National Vulnerability Database".
IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.2 and 5.2.0.0 through 5.2.6.5 could allow an authenticated user to obtain sensitive information from the Dashboard UI. IBM X-Force ID: 186780.π Read
via "National Vulnerability Database".