🛑 Cybersecurity & Privacy 🛑 - News
🗞 The finest daily news on cybersecurity and privacy.

🔔 Daily releases.

💻 Is your online life secure?

📩 lalilolalo.dev@gmail.com
‼ CVE-2020-8461 ‼

A CSRF protection bypass vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an attacker to get a victim's browser to send a specifically encoded request without requiring a valid CSRF token.

via "National Vulnerability Database".
⚠ “Is it you in the video?” – don’t fall for this Messenger scam ⚠

If a friend asks "is it you in the video", don't be in a hurry to find out!

via "Naked Security".
‼ CVE-2020-12521 ‼

On Phoenix Contact PLCnext Control Devices versions before 2021.0 LTS, a specially crafted LLDP packet may lead to a high system load in the PROFINET stack. An attacker can cause failure of system services or a complete reboot.

via "National Vulnerability Database".
‼ CVE-2020-13509 ‼

An information disclosure vulnerability exists in the WinRing0x64 Driver Privileged I/O Read IRPs functionality of NZXT CAM 4.8.0. A specially crafted I/O request packet (IRP) using the IRP 0x9c4060cc gives a low privilege user direct access to the IN instruction that is completely unrestrained at an elevated privilege level. An attacker can send a malicious IRP to trigger this vulnerability and this access could allow for information leakage of sensitive data.

via "National Vulnerability Database".
‼ CVE-2020-14232 ‼

A vulnerability in the input parameter handling of HCL Notes v9 could potentially be exploited by an authenticated attacker resulting in a stack buffer overflow. This could allow the attacker to crash the program or inject code into the system which would execute with the privileges of the currently logged in user.

via "National Vulnerability Database".
‼ CVE-2020-13528 ‼

An information disclosure vulnerability exists in the Web Manager and telnet CLI functionality of Lantronix XPort EDGE 3.0.0.0R11, 3.1.0.0R9, 3.4.0.0R12 and 4.2.0.0R7. A specially crafted HTTP request can cause information disclosure. An attacker can sniff the network to trigger this vulnerability.

via "National Vulnerability Database".
‼ CVE-2020-13516 ‼

An information disclosure vulnerability exists in the WinRing0x64 Driver IRP 0x9c406144 functionality of NZXT CAM 4.8.0. A specially crafted I/O request packet (IRP) can cause the disclosure of sensitive information. An attacker can send a malicious IRP to trigger this vulnerability.

via "National Vulnerability Database".
‼ CVE-2020-12517 ‼

On Phoenix Contact PLCnext Control Devices versions before 2021.0 LTS, an authenticated low privileged user could embed malicious JavaScript code to gain admin rights when the admin user visits the vulnerable website (local privilege escalation).

via "National Vulnerability Database".
‼ CVE-2020-12518 ‼

On Phoenix Contact PLCnext Control Devices versions before 2021.0 LTS, an attacker can use the knowledge gained by reading the insufficiently protected sensitive information to plan further attacks.

via "National Vulnerability Database".
‼ CVE-2020-20138 ‼

Cross Site Scripting (XSS) vulnerability in the Showtime2 Slideshow module in CMS Made Simple (CMSMS) 2.2.4.

via "National Vulnerability Database".
‼ CVE-2020-20140 ‼

Cross Site Scripting (XSS) vulnerability in Remote Report component under the Open menu in Flexmonster Pivot Table & Charts 2.7.17.

via "National Vulnerability Database".
‼ CVE-2020-13511 ‼

An information disclosure vulnerability exists in the WinRing0x64 Driver Privileged I/O Read IRPs functionality of NZXT CAM 4.8.0. A specially crafted I/O request packet (IRP) using the IRP 0x9c4060d4 gives a low privilege user direct access to the IN instruction that is completely unrestrained at an elevated privilege level. An attacker can send a malicious IRP to trigger this vulnerability.

via "National Vulnerability Database".
‼ CVE-2020-13518 ‼

An information disclosure vulnerability exists in the WinRing0x64 Driver IRP 0x9c402084 functionality of NZXT CAM 4.8.0. A specially crafted I/O request packet (IRP) can cause the disclosure of sensitive information. An attacker can send a malicious IRP to trigger this vulnerability.

via "National Vulnerability Database".
‼ CVE-2020-12522 ‼

The reported vulnerability allows an attacker who has network access to the device to execute code with specially crafted packets in WAGO Series PFC 100 (750-81xx/xxx-xxx), Series PFC 200 (750-82xx/xxx-xxx), Series Wago Touch Panel 600 Standard Line (762-4xxx), Series Wago Touch Panel 600 Advanced Line (762-5xxx), Series Wago Touch Panel 600 Marine Line (762-6xxx) with firmware versions <=FW10.

via "National Vulnerability Database".
‼ CVE-2020-20142 ‼

Cross Site Scripting (XSS) vulnerability in the "To Remote CSV" component under "Open" Menu in Flexmonster Pivot Table & Charts 2.7.17.

via "National Vulnerability Database".
‼ CVE-2020-13517 ‼

An information disclosure vulnerability exists in the WinRing0x64 Driver IRP 0x9c406104 functionality of NZXT CAM 4.8.0. A specially crafted I/O request packet (IRP) can cause the disclosure of sensitive information. An attacker can send a malicious IRP to trigger this vulnerability.

via "National Vulnerability Database".
‼ CVE-2020-20141 ‼

Cross Site Scripting (XSS) vulnerability in the To OLAP (XMLA) component under the Connect menu in Flexmonster Pivot Table & Charts 2.7.17.

via "National Vulnerability Database".
‼ CVE-2020-27780 ‼

A flaw was found in Linux-Pam in versions prior to 1.5.1 in the way it handles empty passwords for non-existing users. When the user doesn't exist, PAM tries to authenticate with root, and in the case of an empty password it successfully authenticates.

via "National Vulnerability Database".
‼ CVE-2020-12519 ‼

On Phoenix Contact PLCnext Control Devices versions before 2021.0 LTS, an attacker can use this vulnerability, i.e., to open a reverse shell with root privileges.

via "National Vulnerability Database".
‼ CVE-2020-13510 ‼

An information disclosure vulnerability exists in the WinRing0x64 Driver Privileged I/O Read IRPs functionality of NZXT CAM 4.8.0. A specially crafted I/O request packet (IRP) using the IRP 0x9c4060d0 gives a low privilege user direct access to the IN instruction that is completely unrestrained at an elevated privilege level. An attacker can send a malicious IRP to trigger this vulnerability.

via "National Vulnerability Database".
‼ CVE-2020-13527 ‼

An authentication bypass vulnerability exists in the Web Manager functionality of Lantronix XPort EDGE 3.0.0.0R11, 3.1.0.0R9, 3.4.0.0R12 and 4.2.0.0R7. A specially crafted HTTP request can cause increased privileges. An attacker can send an HTTP request to trigger this vulnerability.

via "National Vulnerability Database".