‼ CVE-2020-28139 ‼
📖 Read
via "National Vulnerability Database".
SourceCodester Online Clothing Store 1.0 is affected by a cross-site scripting (XSS) vulnerability via a Offer Detail field in offer.php.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-13349 ‼
📖 Read
via "National Vulnerability Database".
An issue has been discovered in GitLab EE affecting all versions starting from 8.12. A regular expression related to a file path resulted in the Advanced Search feature susceptible to catastrophic backtracking. Affected versions are >=8.12, <13.3.9,>=13.4, <13.4.5,>=13.5, <13.5.2.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-28140 ‼
📖 Read
via "National Vulnerability Database".
SourceCodester Online Clothing Store 1.0 is affected by an arbitrary file upload via the image upload feature of Products.php.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-28133 ‼
📖 Read
via "National Vulnerability Database".
An issue was discovered in SourceCodester Simple Grocery Store Sales And Inventory System 1.0. There was authentication bypass in web login functionality allows an attacker to gain client privileges via SQL injection in sales_inventory/login.php.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-26405 ‼
📖 Read
via "National Vulnerability Database".
Path traversal vulnerability in package upload functionality in GitLab CE/EE starting from 12.8 allows an attacker to save packages in arbitrary locations. Affected versions are >=12.8, <13.3.9,>=13.4, <13.4.5,>=13.5, <13.5.2.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-28138 ‼
📖 Read
via "National Vulnerability Database".
SourceCodester Online Clothing Store 1.0 is affected by a SQL Injection via the txtUserName parameter to login.php.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-28136 ‼
📖 Read
via "National Vulnerability Database".
An Arbitrary File Upload is discovered in SourceCodester Tourism Management System 1.0 allows the user to conduct remote code execution via admin/create-package.php vulnerable page.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-13348 ‼
📖 Read
via "National Vulnerability Database".
An issue has been discovered in GitLab EE affecting all versions starting from 10.2. Required CODEOWNERS approval could be bypassed by targeting a branch without the CODEOWNERS file. Affected versions are >=10.2, <13.3.9,>=13.4, <13.4.5,>=13.5, <13.5.2.📖 Read
via "National Vulnerability Database".
❌ ThreatList: Pharma Mobile Phishing Attacks Turn to Malware ❌
📖 Read
via "Threat Post".
After the breakout of the COVID-19 pandemic, mobile phishing attacks targeting pharmaceutical companies have shifted their focus from credential theft to malware delivery.📖 Read
via "Threat Post".
Threat Post
ThreatList: Pharma Mobile Phishing Attacks Turn to Malware
After the breakout of the COVID-19 pandemic, mobile phishing attacks targeting pharmaceutical companies have shifted their focus from credential theft to malware delivery.
❌ Defining Security Policies to Manage Remote Insider Threats ❌
📖 Read
via "Threat Post".
This is the time to define the new normal; having well-defined policies in place will help businesses maintain its security posture while bolstering the security of the ever-increasing work-from-home population.📖 Read
via "Threat Post".
Threat Post
Defining Security Policies to Manage Remote Insider Threats
Plixer's Justin Jett on finding insider threats amidst the ever-increasing work-from-home population.
🕴 Vulnerability Prioritization Tops Security Pros' Challenges 🕴
📖 Read
via "Dark Reading".
Why vulnerability prioritization has become a top challenge for security professionals and how security and development teams can get it right.📖 Read
via "Dark Reading".
Dark Reading
Vulnerability Prioritization Tops Security Pros' Challenges
Why vulnerability prioritization has become a top challenge for security professionals and how security and development teams can get it right.
❌ Multiple Industrial Control System Vendors Warn of Critical Bugs ❌
📖 Read
via "Threat Post".
Four industrial control system vendors each announced vulnerabilities that ranged from critical to high-severity.📖 Read
via "Threat Post".
Threat Post
Multiple Industrial Control System Vendors Warn of Critical Bugs
Four industrial control system vendors each announced vulnerabilities that ranged from critical to high-severity.
🕴 EFF, Security Experts Condemn Politicization of Election Security 🕴
📖 Read
via "Dark Reading".
Open letter, signed by high-profile security professionals and organizations, urges White House to "reverse course and support election security."📖 Read
via "Dark Reading".
Dark Reading
EFF, Security Experts Condemn Politicization of Election Security
Open letter, signed by high-profile security professionals and organizations, urges White House to reverse course and support election security.
‼ CVE-2020-26551 ‼
📖 Read
via "National Vulnerability Database".
An issue was discovered in Aviatrix Controller before R5.3.1151. Encrypted key values are stored in a readable file.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-28129 ‼
📖 Read
via "National Vulnerability Database".
Stored Cross-site scripting (XSS) vulnerability in SourceCodester Gym Management System 1.0 allows users to inject and store arbitrary JavaScript code in index.php?page=packages via vulnerable fields 'Package Name' and 'Description'.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-26549 ‼
📖 Read
via "National Vulnerability Database".
An issue was discovered in Aviatrix Controller before R5.4.1290. The htaccess protection mechanism to prevent requests to directories can be bypassed for file downloading.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-28915 ‼
📖 Read
via "National Vulnerability Database".
A buffer over-read (at the framebuffer layer) in the fbcon code in the Linux kernel before 5.8.15 could be used by local attackers to read kernel memory, aka CID-6735b4632def.📖 Read
via "National Vulnerability Database".
❌ Firing of CISA Chief Christopher Krebs Widely Condemned ❌
📖 Read
via "Threat Post".
President Trump fired US cybersecurity chief over Twitter Tuesday, an act widely condemned within the cybersecurity community.📖 Read
via "Threat Post".
Threat Post
Firing of CISA Chief Christopher Krebs Widely Condemned
President Trump fired US cybersecurity chief over Twitter Tuesday, an act widely condemned within the cybersecurity community.
🦿 Microsoft's new security chip takes PC protection to a higher level 🦿
📖 Read
via "Tech Republic".
Intel, AMD and Qualcomm will use the Microsoft-designed Pluton security processor from Xbox One and Azure Sphere in future SoCs to deliver better protection than a TPM.📖 Read
via "Tech Republic".
🦿 Zoom: These new features will prevent trolls and meeting-crashers 🦿
📖 Read
via "Tech Republic".
Zoom hosts can now pause a meeting while they remove a disruptive participant, and a new web-scanning tool will seek out compromised meeting links.📖 Read
via "Tech Republic".
TechRepublic
Zoom: These new features will prevent trolls and meeting-crashers
Zoom hosts can now pause a meeting while they remove a disruptive participant, and a new web-scanning tool will seek out compromised meeting links.
🦿 "123456" tops list of most common passwords for 2020 🦿
📖 Read
via "Tech Republic".
People are still using very simple passwords, with many of them similar to the ones they used in 2019, according to NordPass.📖 Read
via "Tech Republic".
TechRepublic
"123456" tops list of most common passwords for 2020
People are still using very simple passwords, with many of them similar to the ones they used in 2019, according to NordPass.