‼ CVE-2020-24383 ‼
📖 Read
via "National Vulnerability Database".
An issue was discovered in FNET through 4.6.4. The code for processing resource records in mDNS queries doesn't check for proper '\0' termination of the resource record name string, leading to an out-of-bounds read, and potentially causing information leak or Denial-or-Service.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-24340 ‼
📖 Read
via "National Vulnerability Database".
An issue was discovered in picoTCP and picoTCP-NG through 1.7.0. The code that processes DNS responses in pico_mdns_handle_data_as_answers_generic() in pico_mdns.c does not check whether the number of answers/responses specified in a DNS packet header corresponds to the response data available in the packet, leading to an out-of-bounds read, invalid pointer dereference, and Denial-of-Service.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-25107 ‼
📖 Read
via "National Vulnerability Database".
An issue was discovered in the DNS implementation in Ethernut in Nut/OS 5.1. There is no check on whether a domain name has '\0' termination. This may lead to successful Denial-of-Service, and possibly Remote Code Execution.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-25112 ‼
📖 Read
via "National Vulnerability Database".
An issue was discovered in the IPv6 stack in Contiki through 3.0. There are inconsistent checks for IPv6 header extension lengths. This leads to Denial-of-Service and potential Remote Code Execution via a crafted ICMPv6 echo packet.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-17470 ‼
📖 Read
via "National Vulnerability Database".
An issue was discovered in FNET through 4.6.4. The code that initializes the DNS client interface structure does not set sufficiently random transaction IDs (they are always set to 1 in _fnet_dns_poll in fnet_dns.c). This significantly simplifies DNS cache poisoning attacks.📖 Read
via "National Vulnerability Database".
⚠ Subway sandwich scam mystifies loyalty card users ⚠
📖 Read
via "Naked Security".
Subway customers have been on the receiving end of a curiously complex phishing scam.📖 Read
via "Naked Security".
Naked Security
Subway sandwich scam mystifies loyalty card users
Subway customers have been on the receiving end of a curiously complex phishing scam. We investigate.
‼ CVE-2020-35199 ‼
📖 Read
via "National Vulnerability Database".
Ignite Realtime Openfire 4.6.0 has create-bookmark.jsp groupchatJID Stored XSS.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-35200 ‼
📖 Read
via "National Vulnerability Database".
Ignite Realtime Openfire 4.6.0 has plugins/clientcontrol/spark-form.jsp Reflective XSS.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-35202 ‼
📖 Read
via "National Vulnerability Database".
Ignite Realtime Openfire 4.6.0 has plugins/dbaccess/db-access.jsp sql Stored XSS.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-35201 ‼
📖 Read
via "National Vulnerability Database".
Ignite Realtime Openfire 4.6.0 has create-bookmark.jsp users Stored XSS.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-17511 ‼
📖 Read
via "National Vulnerability Database".
In Airflow versions prior to 1.10.13, when creating a user using airflow CLI, the password gets logged in plain text in the Log table in Airflow Metadatase. Same happened when creating a Connection with a password field.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-17513 ‼
📖 Read
via "National Vulnerability Database".
In Apache Airflow versions prior to 1.10.13, the Charts and Query View of the old (Flask-admin based) UI were vulnerable for SSRF attack.📖 Read
via "National Vulnerability Database".
🦿 Cybersecurity experts hail new IoT law 🦿
📖 Read
via "Tech Republic".
The bill would increase protection for the billions of connected devices "owned or controlled by the government" in homes and businesses.📖 Read
via "Tech Republic".
TechRepublic
Cybersecurity experts hail new IoT law
The bill would increase protection for the billions of connected devices "owned or controlled by the government" in homes and businesses.
🕴 Startups Should Do Things That Don't Scale, but Security Isn't One of Them 🕴
📖 Read
via "Dark Reading".
Emerging businesses that don't embrace scalable security do so at their own peril.📖 Read
via "Dark Reading".
Dark Reading
Startups Should Do Things That Don't Scale, but Security Isn't One of Them
Emerging businesses that don't embrace scalable security do so at their own peril.
‼ CVE-2020-29227 ‼
📖 Read
via "National Vulnerability Database".
An issue was discovered in Car Rental Management System 1.0. An unauthenticated user can perform a file inclusion attack against the /index.php file with a partial filename in the "page" parameter, to cause local file inclusion resulting in code execution.📖 Read
via "National Vulnerability Database".
🛠 Sifter 11-R3 🛠
📖 Read
via "Packet Storm Security".
Sifter is a osint, recon, and vulnerability scanner. It combines a plethora of tools within different module sets in order to quickly perform recon tasks, check network firewalling, enumerate remote and local hosts, and scan for the blue vulnerabilities within Microsoft systems and if unpatched, exploits them.📖 Read
via "Packet Storm Security".
Packetstormsecurity
Sifter 11-R3 ≈ Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
🛠 WhatWeb Scanner 0.5.4 🛠
📖 Read
via "Packet Storm Security".
WhatWeb is a next-generation web scanner. WhatWeb recognizes web technologies including content management systems (CMS), blogging platforms, statistic/analytics packages, JavaScript libraries, web servers, and embedded devices. WhatWeb has over 1800 plugins, each to recognize something different. WhatWeb also identifies version numbers, email addresses, account IDs, web framework modules, SQL errors, and more. WhatWeb supports an aggression level to control the trade off between speed and reliability.📖 Read
via "Packet Storm Security".
Packetstormsecurity
WhatWeb Scanner 0.5.4 ≈ Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
❌ New Windows Trojan Steals Browser Credentials, Outlook Files ❌
📖 Read
via "Threat Post".
The newly discovered Python-based malware family targets the Outlook processes, and browser credentials, of Microsoft Windows victims.📖 Read
via "Threat Post".
Threat Post
New Windows Trojan Steals Browser Credentials, Outlook Files
The newly discovered Python-based malware family targets the Outlook processes, and browser credentials, of Microsoft Windows victims.
🦿 US government agencies compromised by foreign nation-state 🦿
📖 Read
via "Tech Republic".
Stretching back for months, the breaches were pulled off by exploiting a vulnerability in network monitoring software from SolarWinds, according to security firm FireEye.📖 Read
via "Tech Republic".
TechRepublic
US government agencies compromised by foreign nation-state
Stretching back for months, the breaches were pulled off by exploiting a vulnerability in network monitoring software from SolarWinds, according to security firm FireEye.
‼ CVE-2020-35382 ‼
📖 Read
via "National Vulnerability Database".
SQL Injection in Classbooking before 2.4.1 via the username field of a CSV file when adding a new user.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-14244 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability in the MIME message handling of the Domino server (versions 9 and 10) could potentially be exploited by an unauthenticated attacker resulting in a stack buffer overflow. This could allow a remote attacker to crash the server or inject code into the system which would execute with the privileges of the server.📖 Read
via "National Vulnerability Database".