‼ CVE-2020-25265 ‼
AppImage libappimage before 1.0.3 allows attackers to trigger an overwrite of a system-installed .desktop file by providing a .desktop file that contains Name= with path components.
via "National Vulnerability Database".
‼ CVE-2017-2910 ‼
An exploitable Out-of-bounds Write vulnerability exists in the xls_addCell function of libxls 2.0. A specially crafted xls file can cause memory corruption resulting in remote code execution. An attacker can send a malicious xls file to trigger this vulnerability.
via "National Vulnerability Database".
❌ Xerox DocuShare Bugs Allowed Data Leaks ❌
CISA warns the leading enterprise document management platform is open to attack and urges companies to apply fixes.
via "Threat Post".
❌ Think-Tanks Under Attack by APTs, CISA Warns ❌
The feds have seen ongoing cyberattacks on think-tanks (bent on espionage, malware delivery and more), using phishing and VPN exploits as primary attack vectors.
via "Threat Post".
🕴 Loyal Employee ... or Cybercriminal Accomplice? 🕴
Can the bad guys' insider recruitment methods be reverse-engineered to reveal potential insider threats? Let's take a look.
via "Dark Reading".
🕴 FBI: BEC Scammers Could Abuse Email Auto-Forwarding 🕴
Private Industry Notification warns of the role email auto-forwarding could play in business email compromise attacks.
via "Dark Reading".
‼ CVE-2020-26244 ‼
Python oic is a Python OpenID Connect implementation. In Python oic before version 1.2.1, there are several related cryptographic issues affecting client implementations that use the library. The issues are: 1) The IdToken signature algorithm was not checked automatically, but only if the expected algorithm was passed in as a kwarg. 2) JWA `none` algorithm was allowed in all flows. 3) oic.consumer.Consumer.parse_authz returns an unverified IdToken. The verification of the token was left to the discretion of the implementer. 4) iat claim was not checked for sanity (i.e. it could be in the future). These issues are patched in version 1.2.1.
via "National Vulnerability Database".
‼ CVE-2020-28206 ‼
An issue was discovered in Bitrix24 Bitrix Framework (1c site management) 20.0. A "User enumeration and Improper Restriction of Excessive Authentication Attempts" vulnerability exists in the admin login form, allowing a remote user to enumerate users in the administrator group. This also allows brute-force attacks on the passwords of users not in the administrator group.
via "National Vulnerability Database".
❌ Spotify Wrapped 2020 Rollout Marred by Pop Star Hacks ❌
Spotify pages for Dua Lipa, Lana Del Rey, Future and others were defaced by an attacker pledging his love for Taylor Swift and Trump.
via "Threat Post".
🕴 Cybersecurity in the Biden Administration: Experts Weigh In 🕴
Security pros and former government employees share their expectations and concerns for the new administration - and their hope for a "return to normal."
via "Dark Reading".
🕴 Open Source Flaws Take Years to Find But Are Quick to Fix 🕴
Companies need to embrace automation and dependency tracking to keep software secure, GitHub says in its annual security report.
via "Dark Reading".
‼ CVE-2020-29280 ‼
The Victor CMS v1.0 application is vulnerable to SQL injection via the 'search' parameter on the search.php page.
via "National Vulnerability Database".
‼ CVE-2020-29287 ‼
An SQL injection vulnerability was discovered in Car Rental Management System v1.0 that can be exploited via the id parameter in view_car.php or the car_id parameter in booking.php.
via "National Vulnerability Database".
‼ CVE-2020-29282 ‼
SQL injection vulnerability in BloodX 1.0 allows attackers to bypass authentication.
via "National Vulnerability Database".
‼ CVE-2020-29284 ‼
The file view-chair-list.php in Multi Restaurant Table Reservation System 1.0 does not perform input validation on the table_id parameter, which allows unauthenticated SQL Injection. An attacker can send malicious input in the GET request to /dashboard/view-chair-list.php?table_id= to trigger the vulnerability.
via "National Vulnerability Database".
‼ CVE-2020-29285 ‼
An SQL injection vulnerability was discovered in Point of Sales in PHP/PDO 1.0, which can be exploited via the id parameter to edit_category.php.
via "National Vulnerability Database".
‼ CVE-2020-29283 ‼
An SQL injection vulnerability was discovered in Online Doctor Appointment Booking System PHP and Mysql via the q parameter to getuser.php.
via "National Vulnerability Database".
‼ CVE-2020-29288 ‼
An SQL injection vulnerability was discovered in Gym Management System. In the manage_user.php file, the GET parameter 'id' is vulnerable.
via "National Vulnerability Database".
‼ CVE-2020-29279 ‼
PHP remote file inclusion in the assign_resume_tpl method in Application/Common/Controller/BaseController.class.php in 74CMS before 6.0.48 allows remote code execution.
via "National Vulnerability Database".
‼ CVE-2020-26246 ‼
Pimcore is an open source digital experience platform. In Pimcore before version 6.8.5 it is possible to modify & create website settings without having the appropriate permissions.
via "National Vulnerability Database".
❌ Google Play Apps Remain Vulnerable to High-Severity Flaw ❌
Patches for a flaw (CVE-2020-8913) in the Google Play Core Library have not been implemented by several popular Google Play apps, including Cisco Teams and Edge.
via "Threat Post".