🛡 Cybersecurity & Privacy 🛡 - News
🗞 The finest daily news on cybersecurity and privacy.

🔔 Daily releases.

💻 Is your online life secure?

📩 lalilolalo.dev@gmail.com
CVE-2020-35730

linkref_addindex in rcube_string_replacer.php in Roundcube Webmail before 1.4.10 allows XSS via a crafted email message.

📖 Read

via "National Vulnerability Database".
CVE-2020-35612

An issue was discovered in Joomla! 2.5.0 through 3.9.22. The folder parameter of mod_random_image lacked input validation, leading to a path traversal vulnerability.

📖 Read

via "National Vulnerability Database".
CVE-2020-35615

An issue was discovered in Joomla! 2.5.0 through 3.9.22. A missing token check in the emailexport feature of com_privacy causes a CSRF vulnerability.

📖 Read

via "National Vulnerability Database".
CVE-2020-25507

An incorrect permission assignment (chmod 777) of /etc/environment during the installation script of No Magic TeamworkCloud 18.0 through 19.0 allows any local unprivileged user to write to /etc/environment. An attacker can escalate to root by writing arbitrary code to this file, which would be executed by root during the next login, reboot, or sourcing of the environment.

📖 Read

via "National Vulnerability Database".
CVE-2020-15898

In Arista EOS, malformed packets can be incorrectly forwarded across VLAN boundaries in one direction. This vulnerability is only susceptible to exploitation by unidirectional traffic (e.g. UDP) and not bidirectional traffic (e.g. TCP). This affects: EOS 7170 platforms version 4.21.4.1F and below releases in the 4.21.x train; EOS X-Series versions 4.21.11M and below releases in the 4.21.x train; 4.22.6M and below releases in the 4.22.x train; 4.23.4M and below releases in the 4.23.x train; 4.24.2.1F and below releases in the 4.24.x train.

📖 Read

via "National Vulnerability Database".
CVE-2020-35769

miniserv.pl in Webmin 1.962 on Windows mishandles special characters in query arguments to the CGI program.

📖 Read

via "National Vulnerability Database".
CVE-2020-25847

This command injection vulnerability allows attackers to execute arbitrary commands in a compromised application. QNAP have already fixed this vulnerability in the following versions of QTS and QuTS hero.

📖 Read

via "National Vulnerability Database".
🕴 Security Pros Reflect on 2020 🕴

Eight cybersecurity leaders go deep on their most valuable (and very human) takeaways from a year like no other we've known.

📖 Read

via "Dark Reading".
🕴 Mac Attackers Remain Focused Mainly on Adware, Fooling Users 🕴

Despite reports that Macs have encountered more threats than Windows systems, the platform still sees far fewer exploits and malware - including ransomware.

📖 Read

via "Dark Reading".
2020 Work-for-Home Shift: What We Learned

Threatpost explores 5 big takeaways from 2020 -- and what they mean for 2021.

📖 Read

via "Threat Post".
🦿 How companies can use automation to secure cloud data 🦿

Data automation allows companies to conduct operations more consistently, securely, and reliably. Learn how one company tackled the challenges.

📖 Read

via "Tech Republic".
🕴 India: A Growing Cybersecurity Threat 🕴

Geopolitical tensions and a dramatic rise in offensive and defensive cyber capabilities lead India to join Iran, Russia, China, and North Korea as a top nation-state adversary.

📖 Read

via "Dark Reading".
Japanese Aerospace Firm Kawasaki Warns of Data Breach

The Japanese aerospace manufacturer said that starting in June, overseas unauthorized access to its servers may have compromised customer data.

📖 Read

via "Threat Post".
6 Questions Attackers Ask Before Choosing an Asset to Exploit

David “moose” Wolpoff at Randori explains how hackers pick their targets, and how understanding "hacker logic" can help prioritize defenses.

📖 Read

via "Threat Post".
CVE-2020-5801

An attacker can craft and send an OpenNamespace message to port 4241 with a valid session-id that triggers an unhandled exception in the CFTLDManager::HandleRequest function in RnaDaSvr.dll, resulting in process termination. Observed in FactoryTalk Linx 6.11. All versions of FactoryTalk Linx are affected.

📖 Read

via "National Vulnerability Database".
CVE-2020-5802

An attacker-controlled memory allocation size can be passed to the C++ new operator in RnaDaSvr.dll by sending a specially crafted ConfigureItems message to TCP port 4241. This will cause an unhandled exception, resulting in termination of RSLinxNG.exe. Observed in FactoryTalk 6.11. All versions of FactoryTalk Linx are affected.

📖 Read

via "National Vulnerability Database".
CVE-2020-5806

An attacker-controlled memory allocation size can be passed to the C++ new operator in the CServerManager::HandleBrowseLoadIconStreamRequest in messaging.dll. This can be done by sending a specially crafted message to 127.0.0.1:7153. Observed in FactoryTalk Linx 6.11. All versions of FactoryTalk Linx are affected.

📖 Read

via "National Vulnerability Database".
CVE-2020-5807

An unauthenticated remote attacker can send data to RsvcHost.exe listening on TCP port 5241 to add entries in the FactoryTalk Diagnostics event log. The attacker can specify long fields in the log entry, which can cause an unhandled exception in wcscpy_s() if a local user opens FactoryTalk Diagnostics Viewer (FTDiagViewer.exe) to view the log entry. Observed in FactoryTalk Diagnostics 6.11. All versions of FactoryTalk Diagnostics are affected.

📖 Read

via "National Vulnerability Database".
CVE-2020-29475

nopCommerce Store 4.30 is affected by cross-site scripting (XSS) in the Schedule tasks name field. This vulnerability allows an attacker to inject an XSS payload into Schedule tasks; each time any user goes to that page of the website, the XSS triggers and the attacker is able to steal the cookie according to the crafted payload.

📖 Read

via "National Vulnerability Database".
🕴 Reducing the Risk of Third-Party SaaS Apps to Your Organization 🕴

Such apps may try to leak your data, or can contain malicious code. And even legitimate apps may be poorly written, creating security risks.

📖 Read

via "Dark Reading".
🛠 OATH Toolkit 2.6.5 🛠

OATH Toolkit attempts to collect several tools that are useful when deploying technologies related to OATH, such as HOTP one-time passwords. It is a fork of the earlier HOTP Toolkit.

📖 Read

via "Packet Storm Security".