🛡 Cybersecurity & Privacy 🛡 - News

‼ CVE-2020-35702 ‼

DCTStream::getChars in DCTStream.cc in Poppler 20.12.1 has a heap-based buffer overflow via a crafted PDF document.

📖 Read

via "National Vulnerability Database".

192 views06:55

🦿 Why cybersecurity tools fail when it comes to ambiguity 🦿

Artificial intelligence will likely help with cybersecurity, though figuring out how to handle ambiguous situations is critical.

📖 Read

via "Tech Republic".

TechRepublic

Why cybersecurity tools fail when it comes to ambiguity

Artificial intelligence will likely help with cybersecurity, though figuring out how to handle ambiguous situations is critical.

225 views11:55

🛡 Cybersecurity & Privacy 🛡 - News

‼ CVE-2020-35707 ‼

Daybyday 2.1.0 allows stored XSS via the Company Name parameter to the New Client screen.

📖 Read

via "National Vulnerability Database".

166 views11:55

🛡 Cybersecurity & Privacy 🛡 - News

‼ CVE-2020-35708 ‼

phpList 3.5.9 allows SQL injection by admins who provide a crafted fourth line of a file to the "Config - Import Administrators" page.

📖 Read

via "National Vulnerability Database".

175 views11:55

🛡 Cybersecurity & Privacy 🛡 - News

‼ CVE-2020-35705 ‼

Daybyday 2.1.0 allows stored XSS via the Name parameter to the New User screen.

📖 Read

via "National Vulnerability Database".

205 views11:55

🛡 Cybersecurity & Privacy 🛡 - News

‼ CVE-2020-35706 ‼

Daybyday 2.1.0 allows stored XSS via the Title parameter to the New Project screen.

📖 Read

via "National Vulnerability Database".

205 views11:55

🛡 Cybersecurity & Privacy 🛡 - News

‼ CVE-2020-35704 ‼

Daybyday 2.1.0 allows stored XSS via the Title parameter to the New Lead screen.

📖 Read

via "National Vulnerability Database".

209 views11:55

🛡 Cybersecurity & Privacy 🛡 - News

‼ CVE-2020-35709 ‼

bloofoxCMS 0.5.2.1 allows admins to upload arbitrary .php files (with "Content-Type: application/octet-stream") to ../media/images/ via the admin/index.php?mode=tools&page=upload URI, aka directory traversal.

📖 Read

via "National Vulnerability Database".

203 views21:56

🛡 Cybersecurity & Privacy 🛡 - News

‼ CVE-2020-35710 ‼

Parallels Remote Application Server (RAS) 18 allows remote attackers to discover an intranet IP address because submission of the login form (even with blank credentials) provides this address to the attacker's client for use as a "host" value. In other words, after an attacker's web browser sent a request to the login form, it would automatically send a second request to a RASHTML5Gateway/socket.io URI with something like "host":"192.168.###.###" in the POST data.

📖 Read

via "National Vulnerability Database".

220 views21:56

🛡 Cybersecurity & Privacy 🛡 - News

‼ CVE-2020-35712 ‼

Esri ArcGIS Server before 10.8 is vulnerable to SSRF in some configurations.

📖 Read

via "National Vulnerability Database".

191 views01:25

🛡 Cybersecurity & Privacy 🛡 - News

‼ CVE-2020-35711 ‼

An issue has been discovered in the arc-swap crate before 0.4.8 (and 1.x before 1.1.0) for Rust. Use of arc_swap::access::Map with the Constant test helper (or with a user-supplied implementation of the Access trait) could sometimes lead to dangling references being returned by the map.

📖 Read

via "National Vulnerability Database".

184 views01:25

🛡 Cybersecurity & Privacy 🛡 - News

‼ CVE-2020-35716 ‼

Belkin LINKSYS RE6500 devices before 1.0.012.001 allow remote attackers to cause a persistent denial of service (segmentation fault) via a long /goform/langSwitch langSelectionOnly parameter.

📖 Read

via "National Vulnerability Database".

165 views06:26

🛡 Cybersecurity & Privacy 🛡 - News

‼ CVE-2020-26766 ‼

A Cross Site Request Forgery (CSRF) vulnerability exists in the loginsystem page in PHPGurukul User Registration & Login and User Management System With Admin Panel 2.1.

📖 Read

via "National Vulnerability Database".

153 views06:26

🛡 Cybersecurity & Privacy 🛡 - News

‼ CVE-2020-20412 ‼

lib/codebook.c in libvorbis before 1.3.6, as used in StepMania 5.0.12 and other products, has insufficient array bounds checking via a crafted OGG file.

📖 Read

via "National Vulnerability Database".

139 views06:26

🛡 Cybersecurity & Privacy 🛡 - News

‼ CVE-2020-35347 ‼

CXUUCMS V3 3.1 has a CSRF vulnerability that can add an administrator account via admin.php?c=adminuser&a=add.

📖 Read

via "National Vulnerability Database".

127 views06:26

🛡 Cybersecurity & Privacy 🛡 - News

‼ CVE-2020-35349 ‼

Savsoft Quiz 5 is affected by: Cross Site Scripting (XSS) via field_title (aka a title on the custom fields page).

📖 Read

via "National Vulnerability Database".

122 views06:26

🛡 Cybersecurity & Privacy 🛡 - News

‼ CVE-2020-35714 ‼

Belkin LINKSYS RE6500 devices before 1.0.11.001 allow remote authenticated users to execute arbitrary commands via goform/systemCommand?command= in conjunction with the goform/pingstart program.

📖 Read

via "National Vulnerability Database".

120 views06:26

🛡 Cybersecurity & Privacy 🛡 - News

‼ CVE-2020-35388 ‼

rainrocka xinhu 2.1.9 allows remote attackers to obtain sensitive information via an index.php?a=gettotal request in which the ajaxbool value is manipulated to be true.

📖 Read

via "National Vulnerability Database".

123 views06:26

🛡 Cybersecurity & Privacy 🛡 - News

‼ CVE-2020-35713 ‼

Belkin LINKSYS RE6500 devices before 1.0.012.001 allow remote attackers to execute arbitrary commands or set a new password via shell metacharacters to the goform/setSysAdm page.

📖 Read

via "National Vulnerability Database".

131 views06:26

🛡 Cybersecurity & Privacy 🛡 - News

‼ CVE-2020-27515 ‼

A Cross Site Scripting (XSS) vulnerability in Savsoft Quiz v5.0 allows remote attackers to inject arbitrary web script or HTML via the Skype ID field.

📖 Read

via "National Vulnerability Database".

139 views06:26

🛡 Cybersecurity & Privacy 🛡 - News

‼ CVE-2020-35359 ‼

Pure-FTPd 1.0.48 allows remote attackers to prevent legitimate server use by making enough connections to exceed the connection limit.

📖 Read

via "National Vulnerability Database".

141 views06:26

About

Blog

Apps

Platform