CVE-2020-11860
via "National Vulnerability Database".
Cross-Site Scripting vulnerability on Micro Focus ArcSight Logger product, affecting all versions prior to 7.1.1. The vulnerability could be remotely exploited resulting in Cross-Site Scripting (XSS).
CVE-2020-14389
via "National Vulnerability Database".
It was found that Keycloak before version 12.0.0 would permit a user with only view-profile role to manage the resources in the new account console, allowing access and modification of data the user was not intended to have.
CVE-2020-26406
via "National Vulnerability Database".
Certain SAST CiConfiguration information could be viewed by unauthorized users in GitLab EE starting with 13.3. This information was exposed through GraphQL to non-members of public projects with repository visibility restricted as well as guest members on private projects. Affected versions are: >=13.3, <13.3.9; >=13.4, <13.4.5; >=13.5, <13.5.2.
CVE-2020-25833
via "National Vulnerability Database".
Persistent Cross-Site Scripting vulnerability on Micro Focus IDOL product, affecting all versions prior to version 12.7. The vulnerability could be exploited to perform a Persistent XSS attack.
Some Apple Apps on macOS Big Sur Bypass Content Filters, VPNs
via "Threat Post".
Attackers can exploit the feature and send people's data directly to remote servers, posing a privacy and security risk, researchers said.
Ransomware Operator Promotes Distributed Storage for Stolen Data
via "Dark Reading".
The criminals behind the DarkSide ransomware-as-a-service operation say the system will be harder to take down.
CVE-2020-28687
via "National Vulnerability Database".
The edit profile functionality in ARTWORKS GALLERY IN PHP, CSS, JAVASCRIPT, AND MYSQL 1.0 allows remote attackers to upload arbitrary files.
CVE-2020-7774
via "National Vulnerability Database".
This affects the package y18n before 5.0.5. PoC by po6ix:
const y18n = require('y18n')(); y18n.setLocale('__proto__'); y18n.updateLocale({polluted: true}); console.log(polluted); // true
CVE-2020-25746
via "National Vulnerability Database".
QED ResourceXpress Qubi3 devices before 1.40.9 could allow a local attacker (with physical access to the device) to obtain sensitive information via the debug interface (keystrokes over a USB cable), aka wireless password visibility.
CVE-2020-28647
via "National Vulnerability Database".
In Progress MOVEit Transfer before 2020.1, a malicious user could craft and store a payload within the application. If a victim within the MOVEit Transfer instance interacts with the stored payload, it could invoke and execute arbitrary code within the context of the victim's browser (XSS).
CVE-2020-7841
via "National Vulnerability Database".
An improper input validation vulnerability exists in TOBESOFT XPLATFORM which could cause arbitrary .hta file execution when the command string begins with http://, https://, or mailto://.
CVE-2020-28688
via "National Vulnerability Database".
The add artwork functionality in ARTWORKS GALLERY IN PHP, CSS, JAVASCRIPT, AND MYSQL 1.0 allows remote attackers to upload arbitrary files.
Cisco Patches Critical Flaw After PoC Exploit Code Release
via "Threat Post".
A critical path-traversal flaw (CVE-2020-27130) exists in Cisco Security Manager that lays bare sensitive information to remote, unauthenticated attackers.
An Inside Look at an Account Takeover
via "Dark Reading".
AI threat find: Phishing attack slips through email gateway and leads to large-scale compromise.
GNU Privacy Guard 2.2.24
via "Packet Storm Security".
GnuPG (the GNU Privacy Guard or GPG) is GNU's tool for secure communication and data storage. It can be used to encrypt data and to create digital signatures. It includes an advanced key management facility and is compliant with the proposed OpenPGP Internet standard as described in RFC2440. As such, it is meant to be compatible with PGP from NAI, Inc. Because it does not use any patented algorithms, it can be used without any restrictions.
Security Risks Discovered in Tesla Backup Gateway
via "Dark Reading".
Cybersecurity researchers report on the security and privacy risks of leaving a Tesla Backup Gateway exposed to the Internet.
CVE-2020-27558
via "National Vulnerability Database".
Use of an undocumented user in BASETech GE-131 BT-1837836 firmware 20180921 allows remote attackers to view the video stream.
CVE-2020-27554
via "National Vulnerability Database".
A Cleartext Transmission of Sensitive Information vulnerability exists in BASETech GE-131 BT-1837836 firmware 20180921 which could leak sensitive information transmitted between the mobile app and the camera device.
CVE-2020-27553
via "National Vulnerability Database".
A directory traversal vulnerability in BASETech GE-131 BT-1837836 firmware 20180921 allows unauthenticated remote attackers to gain access to sensitive information.
CVE-2020-25798
via "National Vulnerability Database".
A stored cross-site scripting (XSS) vulnerability in LimeSurvey before and including 3.21.1 allows authenticated users with correct permissions to inject arbitrary web script or HTML via the parameter ParticipantAttributeNamesDropdown of the Attributes on the central participant database page. When the survey attribute is being edited or viewed, e.g. by an administrative user, the JavaScript code will be executed in the browser.
CVE-2020-13958
via "National Vulnerability Database".
A vulnerability in Apache OpenOffice scripting events allows an attacker to construct documents containing hyperlinks pointing to an executable on the target user's file system. These hyperlinks can be triggered unconditionally. In fixed versions no internal protocol may be called from the document event handler, and other hyperlinks require a control-click.