🛡 Cybersecurity & Privacy 🛡 - News
🗞 The finest daily news on cybersecurity and privacy.

🔔 Daily releases.

💻 Is your online life secure?

📩 lalilolalo.dev@gmail.com
CVE-2020-17438

An issue was discovered in uIP 1.0, as used in Contiki 3.0 and other products. The code that reassembles fragmented packets fails to properly validate the total length of an incoming packet specified in its IP header, as well as the fragmentation offset value specified in the IP header. By crafting a packet with specific values of the IP header length and the fragmentation offset, attackers can write into the .bss section of the program (past the statically allocated buffer that is used for storing the fragmented data) and cause a denial of service in uip_reass() in uip.c, or possibly execute arbitrary code on some target architectures.

📖 Read

via "National Vulnerability Database".
CVE-2020-25108

An issue was discovered in the DNS implementation in Ethernut in Nut/OS 5.1. The DNS response data length is not checked (it can be set to an arbitrary value from a packet). This may lead to successful Denial-of-Service, and possibly Remote Code Execution.

📖 Read

via "National Vulnerability Database".
CVE-2020-17439

An issue was discovered in uIP 1.0, as used in Contiki 3.0 and other products. The code that parses incoming DNS packets does not validate that the incoming DNS replies match outgoing DNS queries in newdata() in resolv.c. Also, arbitrary DNS replies are parsed if there was any outgoing DNS query with a transaction ID that matches the transaction ID of an incoming reply. Provided that the default DNS cache is quite small (only four records) and that the transaction ID has a very limited set of values that is quite easy to guess, this can lead to DNS cache poisoning.

📖 Read

via "National Vulnerability Database".
CVE-2020-24383

An issue was discovered in FNET through 4.6.4. The code for processing resource records in mDNS queries doesn't check for proper '\0' termination of the resource record name string, leading to an out-of-bounds read, and potentially causing information leak or Denial-of-Service.

📖 Read

via "National Vulnerability Database".
CVE-2020-24340

An issue was discovered in picoTCP and picoTCP-NG through 1.7.0. The code that processes DNS responses in pico_mdns_handle_data_as_answers_generic() in pico_mdns.c does not check whether the number of answers/responses specified in a DNS packet header corresponds to the response data available in the packet, leading to an out-of-bounds read, invalid pointer dereference, and Denial-of-Service.

📖 Read

via "National Vulnerability Database".
CVE-2020-25107

An issue was discovered in the DNS implementation in Ethernut in Nut/OS 5.1. There is no check on whether a domain name has '\0' termination. This may lead to successful Denial-of-Service, and possibly Remote Code Execution.

📖 Read

via "National Vulnerability Database".
CVE-2020-25112

An issue was discovered in the IPv6 stack in Contiki through 3.0. There are inconsistent checks for IPv6 header extension lengths. This leads to Denial-of-Service and potential Remote Code Execution via a crafted ICMPv6 echo packet.

📖 Read

via "National Vulnerability Database".
CVE-2020-17470

An issue was discovered in FNET through 4.6.4. The code that initializes the DNS client interface structure does not set sufficiently random transaction IDs (they are always set to 1 in _fnet_dns_poll in fnet_dns.c). This significantly simplifies DNS cache poisoning attacks.

📖 Read

via "National Vulnerability Database".
Subway sandwich scam mystifies loyalty card users

Subway customers have been on the receiving end of a curiously complex phishing scam.

📖 Read

via "Naked Security".
CVE-2020-35199

Ignite Realtime Openfire 4.6.0 has create-bookmark.jsp groupchatJID Stored XSS.

📖 Read

via "National Vulnerability Database".
CVE-2020-35200

Ignite Realtime Openfire 4.6.0 has plugins/clientcontrol/spark-form.jsp Reflective XSS.

📖 Read

via "National Vulnerability Database".
CVE-2020-35202

Ignite Realtime Openfire 4.6.0 has plugins/dbaccess/db-access.jsp sql Stored XSS.

📖 Read

via "National Vulnerability Database".
CVE-2020-35201

Ignite Realtime Openfire 4.6.0 has create-bookmark.jsp users Stored XSS.

📖 Read

via "National Vulnerability Database".
CVE-2020-17511

In Airflow versions prior to 1.10.13, when creating a user using the airflow CLI, the password gets logged in plain text in the Log table in the Airflow Metadatabase. The same happened when creating a Connection with a password field.

📖 Read

via "National Vulnerability Database".
CVE-2020-17513

In Apache Airflow versions prior to 1.10.13, the Charts and Query View of the old (Flask-admin based) UI were vulnerable to SSRF attacks.

📖 Read

via "National Vulnerability Database".
🦿 Cybersecurity experts hail new IoT law 🦿

The bill would increase protection for the billions of connected devices "owned or controlled by the government" in homes and businesses.

📖 Read

via "Tech Republic".
🕴 Startups Should Do Things That Don't Scale, but Security Isn't One of Them 🕴

Emerging businesses that don't embrace scalable security do so at their own peril.

📖 Read

via "Dark Reading".
CVE-2020-29227

An issue was discovered in Car Rental Management System 1.0. An unauthenticated user can perform a file inclusion attack against the /index.php file with a partial filename in the "page" parameter, to cause local file inclusion resulting in code execution.

📖 Read

via "National Vulnerability Database".
🛠 Sifter 11-R3 🛠

Sifter is an OSINT, recon, and vulnerability scanner. It combines a plethora of tools within different module sets in order to quickly perform recon tasks, check network firewalling, enumerate remote and local hosts, and scan for the blue vulnerabilities within Microsoft systems and, if unpatched, exploit them.

📖 Read

via "Packet Storm Security".
🛠 WhatWeb Scanner 0.5.4 🛠

WhatWeb is a next-generation web scanner. WhatWeb recognizes web technologies including content management systems (CMS), blogging platforms, statistic/analytics packages, JavaScript libraries, web servers, and embedded devices. WhatWeb has over 1800 plugins, each to recognize something different. WhatWeb also identifies version numbers, email addresses, account IDs, web framework modules, SQL errors, and more. WhatWeb supports an aggression level to control the trade-off between speed and reliability.

📖 Read

via "Packet Storm Security".
New Windows Trojan Steals Browser Credentials, Outlook Files

The newly discovered Python-based malware family targets the Outlook processes, and browser credentials, of Microsoft Windows victims.

📖 Read

via "Threat Post".