‼ CVE-2020-28139 ‼
📖 Read
via "National Vulnerability Database".
SourceCodester Online Clothing Store 1.0 is affected by a cross-site scripting (XSS) vulnerability via a Offer Detail field in offer.php.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-13349 ‼
📖 Read
via "National Vulnerability Database".
An issue has been discovered in GitLab EE affecting all versions starting from 8.12. A regular expression related to a file path resulted in the Advanced Search feature susceptible to catastrophic backtracking. Affected versions are >=8.12, <13.3.9,>=13.4, <13.4.5,>=13.5, <13.5.2.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-28140 ‼
📖 Read
via "National Vulnerability Database".
SourceCodester Online Clothing Store 1.0 is affected by an arbitrary file upload via the image upload feature of Products.php.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-28133 ‼
📖 Read
via "National Vulnerability Database".
An issue was discovered in SourceCodester Simple Grocery Store Sales And Inventory System 1.0. There was authentication bypass in web login functionality allows an attacker to gain client privileges via SQL injection in sales_inventory/login.php.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-26405 ‼
📖 Read
via "National Vulnerability Database".
Path traversal vulnerability in package upload functionality in GitLab CE/EE starting from 12.8 allows an attacker to save packages in arbitrary locations. Affected versions are >=12.8, <13.3.9,>=13.4, <13.4.5,>=13.5, <13.5.2.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-28138 ‼
📖 Read
via "National Vulnerability Database".
SourceCodester Online Clothing Store 1.0 is affected by a SQL Injection via the txtUserName parameter to login.php.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-28136 ‼
📖 Read
via "National Vulnerability Database".
An Arbitrary File Upload is discovered in SourceCodester Tourism Management System 1.0 allows the user to conduct remote code execution via admin/create-package.php vulnerable page.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-13348 ‼
📖 Read
via "National Vulnerability Database".
An issue has been discovered in GitLab EE affecting all versions starting from 10.2. Required CODEOWNERS approval could be bypassed by targeting a branch without the CODEOWNERS file. Affected versions are >=10.2, <13.3.9,>=13.4, <13.4.5,>=13.5, <13.5.2.📖 Read
via "National Vulnerability Database".
❌ ThreatList: Pharma Mobile Phishing Attacks Turn to Malware ❌
📖 Read
via "Threat Post".
After the breakout of the COVID-19 pandemic, mobile phishing attacks targeting pharmaceutical companies have shifted their focus from credential theft to malware delivery.📖 Read
via "Threat Post".
Threat Post
ThreatList: Pharma Mobile Phishing Attacks Turn to Malware
After the breakout of the COVID-19 pandemic, mobile phishing attacks targeting pharmaceutical companies have shifted their focus from credential theft to malware delivery.
❌ Defining Security Policies to Manage Remote Insider Threats ❌
📖 Read
via "Threat Post".
This is the time to define the new normal; having well-defined policies in place will help businesses maintain its security posture while bolstering the security of the ever-increasing work-from-home population.📖 Read
via "Threat Post".
Threat Post
Defining Security Policies to Manage Remote Insider Threats
Plixer's Justin Jett on finding insider threats amidst the ever-increasing work-from-home population.
🕴 Vulnerability Prioritization Tops Security Pros' Challenges 🕴
📖 Read
via "Dark Reading".
Why vulnerability prioritization has become a top challenge for security professionals and how security and development teams can get it right.📖 Read
via "Dark Reading".
Dark Reading
Vulnerability Prioritization Tops Security Pros' Challenges
Why vulnerability prioritization has become a top challenge for security professionals and how security and development teams can get it right.
❌ Multiple Industrial Control System Vendors Warn of Critical Bugs ❌
📖 Read
via "Threat Post".
Four industrial control system vendors each announced vulnerabilities that ranged from critical to high-severity.📖 Read
via "Threat Post".
Threat Post
Multiple Industrial Control System Vendors Warn of Critical Bugs
Four industrial control system vendors each announced vulnerabilities that ranged from critical to high-severity.
🕴 EFF, Security Experts Condemn Politicization of Election Security 🕴
📖 Read
via "Dark Reading".
Open letter, signed by high-profile security professionals and organizations, urges White House to "reverse course and support election security."📖 Read
via "Dark Reading".
Dark Reading
EFF, Security Experts Condemn Politicization of Election Security
Open letter, signed by high-profile security professionals and organizations, urges White House to reverse course and support election security.
‼ CVE-2020-26551 ‼
📖 Read
via "National Vulnerability Database".
An issue was discovered in Aviatrix Controller before R5.3.1151. Encrypted key values are stored in a readable file.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-28129 ‼
📖 Read
via "National Vulnerability Database".
Stored Cross-site scripting (XSS) vulnerability in SourceCodester Gym Management System 1.0 allows users to inject and store arbitrary JavaScript code in index.php?page=packages via vulnerable fields 'Package Name' and 'Description'.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-26549 ‼
📖 Read
via "National Vulnerability Database".
An issue was discovered in Aviatrix Controller before R5.4.1290. The htaccess protection mechanism to prevent requests to directories can be bypassed for file downloading.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-26553 ‼
📖 Read
via "National Vulnerability Database".
An issue was discovered in Aviatrix Controller before R6.0.2483. Several APIs contain functions that allow arbitrary files to be uploaded to the web tree.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-26550 ‼
📖 Read
via "National Vulnerability Database".
An issue was discovered in Aviatrix Controller before R5.3.1151. An encrypted file containing credentials to unrelated systems is protected by a three-character key.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-25890 ‼
📖 Read
via "National Vulnerability Database".
The web application of Kyocera printer (ECOSYS M2640IDW) is affected by Stored XSS vulnerability, discovered in the addition a new contact in "Machine Address Book". Successful exploitation of this vulnerability can lead to session hijacking of the administrator in the web application or the execution of unwanted actions📖 Read
via "National Vulnerability Database".
‼ CVE-2020-28092 ‼
📖 Read
via "National Vulnerability Database".
PESCMS Team 2.3.2 has multiple reflected XSS via the id parameter:?g=Team&m=Task&a=my&status=3&id=,?g=Team&m=Task&a=my&status=0&id=,?g=Team&m=Task&a=my&status=1&id=,?g=Team&m=Task&a=my&status=10&id=📖 Read
via "National Vulnerability Database".
‼ CVE-2020-26552 ‼
📖 Read
via "National Vulnerability Database".
An issue was discovered in Aviatrix Controller before R6.0.2483. Multiple executable files, that implement API endpoints, do not require a valid session ID for access.📖 Read
via "National Vulnerability Database".