‼ CVE-2020-7841 ‼
via "National Vulnerability Database".
Improper input validation vulnerability exists in TOBESOFT XPLATFORM which could cause arbitrary .hta file execution when the command string is begun with http://, https://, mailto://
‼ CVE-2020-28688 ‼
via "National Vulnerability Database".
The add artwork functionality in ARTWORKS GALLERY IN PHP, CSS, JAVASCRIPT, AND MYSQL 1.0 allows remote attackers to upload arbitrary files.
❌ Cisco Patches Critical Flaw After PoC Exploit Code Release ❌
via "Threat Post".
A critical path-traversal flaw (CVE-2020-27130) exists in Cisco Security Manager that lays bare sensitive information to remote, unauthenticated attackers.
🕴 An Inside Look at an Account Takeover 🕴
via "Dark Reading".
AI threat find: Phishing attack slips through email gateway and leads to large-scale compromise.
🛠 GNU Privacy Guard 2.2.24 🛠
via "Packet Storm Security".
GnuPG (the GNU Privacy Guard or GPG) is GNU's tool for secure communication and data storage. It can be used to encrypt data and to create digital signatures. It includes an advanced key management facility and is compliant with the proposed OpenPGP Internet standard as described in RFC2440. As such, it is meant to be compatible with PGP from NAI, Inc. Because it does not use any patented algorithms, it can be used without any restrictions.
🕴 Security Risks Discovered in Tesla Backup Gateway 🕴
via "Dark Reading".
Cybersecurity researchers report on the security and privacy risks of leaving a Tesla Backup Gateway exposed to the Internet.
‼ CVE-2020-27558 ‼
via "National Vulnerability Database".
Use of an undocumented user in BASETech GE-131 BT-1837836 firmware 20180921 allows remote attackers to view the video stream.
‼ CVE-2020-27554 ‼
via "National Vulnerability Database".
Cleartext Transmission of Sensitive Information vulnerability in BASETech GE-131 BT-1837836 firmware 20180921 exists which could leak sensitive information transmitted between the mobile app and the camera device.
‼ CVE-2020-27553 ‼
via "National Vulnerability Database".
A directory traversal vulnerability in BASETech GE-131 BT-1837836 firmware 20180921 allows unauthenticated remote attackers to gain access to sensitive information.
‼ CVE-2020-25798 ‼
via "National Vulnerability Database".
A stored cross-site scripting (XSS) vulnerability in LimeSurvey before and including 3.21.1 allows authenticated users with correct permissions to inject arbitrary web script or HTML via parameter ParticipantAttributeNamesDropdown of the Attributes on the central participant database page. When the survey attribute is being edited or viewed, e.g. by an administrative user, the JavaScript code will be executed in the browser.
‼ CVE-2020-13958 ‼
via "National Vulnerability Database".
A vulnerability in Apache OpenOffice scripting events allows an attacker to construct documents containing hyperlinks pointing to an executable on the target user's file system. These hyperlinks can be triggered unconditionally. In fixed versions no internal protocol may be called from the document event handler and other hyperlinks require a control-click.
‼ CVE-2020-27555 ‼
via "National Vulnerability Database".
Use of default credentials for the telnet server in BASETech GE-131 BT-1837836 firmware 20180921 allows remote attackers to execute arbitrary system commands as the root user.
‼ CVE-2020-27556 ‼
via "National Vulnerability Database".
A predictable device ID in BASETech GE-131 BT-1837836 firmware 20180921 allows unauthenticated remote attackers to connect to the device.
‼ CVE-2020-27557 ‼
via "National Vulnerability Database".
Unprotected Storage of Credentials vulnerability in BASETech GE-131 BT-1837836 firmware 20180921 allows local users to gain access to the video streaming username and password via SQLite files containing plain text credentials.
‼ CVE-2020-21665 ‼
via "National Vulnerability Database".
In fastadmin-tp6 v1.0, in the file app/admin/controller/Ajax.php the 'table' parameter passed is not filtered so a malicious parameter can be passed for SQL injection.
❌ Zoom Takes on Zoom-Bombers Following FTC Settlement ❌
via "Threat Post".
The videoconferencing giant has upped the ante on cybersecurity with three fresh disruption controls.
🕴 Chart: Undisputed Increase in Paid Claims 🕴
via "Dark Reading".
While the number of enterprises that hold cyber insurance might not have increased significantly over the past year, the number of enterprises that have successfully filed a breach insurance claim has.
🕴 Researchers Scan for Supply-Side Threats in Open Source 🕴
via "Dark Reading".
A recent project to scan the main Python repository's 268,000 packages found only a few potentially malicious programs, but work earlier this year uncovered hundreds of instances of malware.
🕴 To Pay or Not to Pay: Responding to Ransomware From a Lawyer's Perspective 🕴
via "Dark Reading".
The threat of data extortion adds new layers of risk when determining how to respond to a ransomware attack.
‼ CVE-2020-26701 ‼
via "National Vulnerability Database".
Cross-site scripting (XSS) vulnerability in Dashboards section in Kaa IoT Platform v1.2.0 allows remote attackers to inject malicious web scripts or HTML Injection payloads via the Description parameter.
‼ CVE-2020-13351 ‼
via "National Vulnerability Database".
Insufficient permission checks in scheduled pipeline API in GitLab CE/EE 13.0+ allows an attacker to read variable names and values for scheduled pipelines on projects visible to the attacker. Affected versions are >=13.0, <13.3.9, >=13.4.0, <13.4.5, >=13.5.0, <13.5.2.