‼ CVE-2020-4913 ‼
📖 Read
via "National Vulnerability Database".
IBM Cloud Pak System 2.3 could reveal credential information in the HTTP response to a local privileged user. IBM X-Force ID: 191288.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-4919 ‼
📖 Read
via "National Vulnerability Database".
IBM Cloud Pak System 2.3 has insufficient logout controls which could allow an authenticated privileged user to impersonate another user on the system. IBM X-Force ID: 191395.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-4916 ‼
📖 Read
via "National Vulnerability Database".
IBM Cloud Pak System 2.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 191390.📖 Read
via "National Vulnerability Database".
❌ Ticketmaster Coughs Up $10 Million Fine After Hacking Rival Business ❌
📖 Read
via "Threat Post".
Several Ticketmaster executives conspired a hack against a rival concert presales firm, in attempt to 'choke off' its business.📖 Read
via "Threat Post".
Threat Post
Ticketmaster Coughs Up $10 Million Fine After Hacking Rival Business
Several Ticketmaster executives conspired a hack against a rival concert presales firm, in attempt to 'choke off' its business.
🛠 PIMT 1.0 🛠
📖 Read
via "Packet Storm Security".
PIMT is a Public Infrastructure Monitoring Tool (pronounced PIM-tee). It queries common recon tools for publicly available data regarding particular organizations based on the domains and keywords provided. It is not meant to provide complete coverage for every external asset that belongs to a company as attackers usually do not have this detailed info or mapping either. One can use it to paint some sort of picture of what external attackers may be looking at, the changes occurring over time and insight for how to further harden the perimeter. The key idea being to provide valuable data to red teams as well as addition al monitoring capabilities for defenders.📖 Read
via "Packet Storm Security".
Packetstormsecurity
PIMT 1.0 ≈ Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
❌ T-Mobile Faces Yet Another Data Breach ❌
📖 Read
via "Threat Post".
The cyberattack incident is the wireless carrier's fourth in three years.📖 Read
via "Threat Post".
Threat Post
T-Mobile Faces Yet Another Data Breach
The cyberattack incident is the wireless carrier's fourth in three years.
🛠 tcpdump 4.99.0 🛠
📖 Read
via "Packet Storm Security".
tcpdump allows you to dump the traffic on a network. It can be used to print out the headers and/or contents of packets on a network interface that matches a given expression. You can use this tool to track down network problems, to detect many attacks, or to monitor the network activities.📖 Read
via "Packet Storm Security".
Packetstormsecurity
tcpdump 4.99.0 ≈ Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
🛠 SQLMAP - Automatic SQL Injection Tool 1.5 🛠
📖 Read
via "Packet Storm Security".
sqlmap is an open source command-line automatic SQL injection tool. Its goal is to detect and take advantage of SQL injection vulnerabilities in web applications. Once it detects one or more SQL injections on the target host, the user can choose among a variety of options to perform an extensive back-end database management system fingerprint, retrieve DBMS session user and database, enumerate users, password hashes, privileges, databases, dump entire or user's specified DBMS tables/columns, run his own SQL statement, read or write either text or binary files on the file system, execute arbitrary commands on the operating system, establish an out-of-band stateful connection between the attacker box and the database server via Metasploit payload stager, database stored procedure buffer overflow exploitation or SMB relay attack and more.📖 Read
via "Packet Storm Security".
Packetstormsecurity
SQLMAP - Automatic SQL Injection Tool 1.5 ≈ Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
🛠 Haveged 1.9.14 🛠
📖 Read
via "Packet Storm Security".
haveged is a daemon that feeds the /dev/random pool on Linux using an adaptation of the HArdware Volatile Entropy Gathering and Expansion algorithm invented at IRISA. The algorithm is self-tuning on machines with cpuid support, and has been tested in both 32-bit and 64-bit environments. The tarball uses the GNU build mechanism, and includes self test targets and a spec file for those who want to build an RPM.📖 Read
via "Packet Storm Security".
Packetstormsecurity
Haveged 1.9.14 ≈ Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
‼ CVE-2020-35496 ‼
📖 Read
via "National Vulnerability Database".
There's a flaw in bfd_pef_scan_start_address() of bfd/pef.c in binutils which could allow an attacker who is able to submit a crafted file to be processed by objdump to cause a NULL pointer dereference. The greatest threat of this flaw is to application availability. This flaw affects binutils versions prior to 2.34.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-17536 ‼
📖 Read
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-35507 ‼
📖 Read
via "National Vulnerability Database".
There's a flaw in bfd_pef_parse_function_stubs of bfd/pef.c in binutils which could allow an attacker who is able to submit a crafted file to be processed by objdump to cause a NULL pointer dereference. The greatest threat of this flaw is to application availability. This flaw affects binutils versions prior to 2.34.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-17537 ‼
📖 Read
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-35495 ‼
📖 Read
via "National Vulnerability Database".
There's a flaw in binutils /bfd/pef.c. An attacker who is able to submit a crafted input file to be processed by the objdump program could cause a null pointer dereference. The greatest threat from this flaw is to application availability. This flaw affects binutils versions prior to 2.34.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-35494 ‼
📖 Read
via "National Vulnerability Database".
There's a flaw in binutils /opcodes/tic4x-dis.c. An attacker who is able to submit a crafted input file to be processed by binutils could cause usage of uninitialized memory. The highest threat is to application availability with a lower threat to data confidentiality. This flaw affects binutils versions prior to 2.34.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-36112 ‼
📖 Read
via "National Vulnerability Database".
CSE Bookstore version 1.0 is vulnerable to time-based blind, boolean-based blind and OR error-based SQL injection in pubid parameter in bookPerPub.php and in cart.php. A successful exploitation of this vulnerability will lead to an attacker dumping the entire database on which the web application is running.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-35493 ‼
📖 Read
via "National Vulnerability Database".
A flaw exists in binutils in bfd/pef.c. An attacker who is able to submit a crafted PEF file to be parsed by objdump could cause a heap buffer overflow -> out-of-bounds read that could lead to an impact to application availability. This flaw affects binutils versions prior to 2.34.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-22550 ‼
📖 Read
via "National Vulnerability Database".
Veno File Manager 3.5.6 is affected by a directory traversal vulnerability. Using the traversal allows an attacker to download sensitive files from the server.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-17535 ‼
📖 Read
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none.📖 Read
via "National Vulnerability Database".
❌ Leading Game Publishers Hit Hard by Leaked-Credential Epidemic ❌
📖 Read
via "Threat Post".
Over 500,000 leaked credentials tied to the top two dozen leading gaming companies are for sale online.📖 Read
via "Threat Post".
Threat Post
Leading Game Publishers Hit Hard by Leaked-Credential Epidemic
Over 500,000 leaked credentials tied to the top two dozen leading gaming companies are for sale online.
🔏 NIST Issues PACS Guidance for Healthcare Delivery Organizations 🔏
📖 Read
via "Digital Guardian".
NIST's latest guidance is geared towards preventing healthcare organizations that oversee PACS software from exposing patient data.📖 Read
via "Digital Guardian".
Digital Guardian
NIST Issues PACS Guidance for Healthcare Delivery Organizations
NIST's latest guidance is geared towards preventing healthcare organizations that oversee PACS software from exposing patient data.