‼ CVE-2020-35963 ‼
via "National Vulnerability Database".
flb_gzip_compress in flb_gzip.c in Fluent Bit before 1.6.4 has an out-of-bounds write because it does not use the correct calculation of the maximum gzip data-size expansion.
‼ CVE-2020-35964 ‼
via "National Vulnerability Database".
track_header in libavformat/vividas.c in FFmpeg 4.3.1 has an out-of-bounds write because of incorrect extradata packing.
‼ CVE-2021-21495 ‼
via "National Vulnerability Database".
MK-AUTH through 19.01 K4.9 allows CSRF for password changes via the central/executar_central.php?acao=altsenha_princ URI.
‼ CVE-2021-3007 ‼
via "National Vulnerability Database".
Zend Framework 3.0.0 has a deserialization vulnerability that can lead to remote code execution if the content is controllable, related to the __destruct method of the Zend\Http\Response\Stream class in Stream.php. NOTE: the code may be related to Laminas Project laminas-http. Zend Framework is no longer supported by the maintainer. However, not all Zend Framework 3.0.0 vulnerabilities exist in a Laminas Project release.
‼ CVE-2021-21494 ‼
via "National Vulnerability Database".
MK-AUTH through 19.01 K4.9 allows XSS via the admin/logs_ajax.php tipo parameter. An attacker can leverage this to read the centralmka2 (session token) cookie, which is not set to HTTPOnly.
‼ CVE-2020-35965 ‼
via "National Vulnerability Database".
decode_frame in libavcodec/exr.c in FFmpeg 4.3.1 has an out-of-bounds write because of errors in calculations of when to perform memset zero operations.
🕴 CISO New Year's Resolutions for 2021 🕴
via "Dark Reading".
Six resolutions for forward-looking cyber-risk leaders.
🕴 COVID-19's Acceleration of Cloud Migration & Identity-Centric Security 🕴
via "Dark Reading".
Here are some tips for updating access control methods that accommodate new remote working norms without sacrificing security.
‼ CVE-2020-4910 ‼
via "National Vulnerability Database".
IBM Cloud Pak System 2.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 191274.
‼ CVE-2020-4918 ‼
via "National Vulnerability Database".
IBM Cloud Pak System 2.3 could allow a local privileged user to disclose sensitive information due to an insecure direct object reference in the Self Service Console for the Platform System Manager. IBM X-Force ID: 191392.
‼ CVE-2020-4928 ‼
via "National Vulnerability Database".
IBM Cloud Pak System 2.3 could allow a local privileged attacker to upload arbitrary files. By intercepting the request and modifying the file extension, the attacker could execute arbitrary code on the server. IBM X-Force ID: 191705.
‼ CVE-2020-4917 ‼
via "National Vulnerability Database".
IBM Cloud Pak System 2.3 is vulnerable to cross-site request forgery, which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 191391.
‼ CVE-2020-4909 ‼
via "National Vulnerability Database".
IBM Cloud Pak System 2.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 191273.
‼ CVE-2020-4942 ‼
via "National Vulnerability Database".
IBM Curam Social Program Management 7.0.9 and 7.0.11 is vulnerable to cross-site request forgery, which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 191942.
‼ CVE-2020-4912 ‼
via "National Vulnerability Database".
IBM Cloud Pak System 2.3 Self Service Console could allow a privilege escalation by capturing the user request URL when logged in as a privileged user. IBM X-Force ID: 191287.
‼ CVE-2020-4913 ‼
via "National Vulnerability Database".
IBM Cloud Pak System 2.3 could reveal credential information in the HTTP response to a local privileged user. IBM X-Force ID: 191288.
‼ CVE-2020-4919 ‼
via "National Vulnerability Database".
IBM Cloud Pak System 2.3 has insufficient logout controls, which could allow an authenticated privileged user to impersonate another user on the system. IBM X-Force ID: 191395.
‼ CVE-2020-4916 ‼
via "National Vulnerability Database".
IBM Cloud Pak System 2.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 191390.
❌ Ticketmaster Coughs Up $10 Million Fine After Hacking Rival Business ❌
via "Threat Post".
Several Ticketmaster executives conspired to hack a rival concert presales firm, in an attempt to 'choke off' its business.
🛠 PIMT 1.0 🛠
via "Packet Storm Security".
PIMT is a Public Infrastructure Monitoring Tool (pronounced PIM-tee). It queries common recon tools for publicly available data regarding particular organizations based on the domains and keywords provided. It is not meant to provide complete coverage for every external asset that belongs to a company, as attackers usually do not have this detailed info or mapping either. One can use it to paint some sort of picture of what external attackers may be looking at, the changes occurring over time, and insight into how to further harden the perimeter. The key idea is to provide valuable data to red teams as well as additional monitoring capabilities for defenders.
❌ T-Mobile Faces Yet Another Data Breach ❌
via "Threat Post".
The cyberattack incident is the wireless carrier's fourth in three years.