Dark Web Forum Activity Surged 44% in Early COVID Months
via "Dark Reading".
Researchers analyzed the activity of five popular English- and Russian-speaking Dark Web forums and discovered exponential membership growth.
CVE-2020-29500
via "National Vulnerability Database".
Dell EMC PowerStore versions prior to 1.0.3.0.5.007 contain a Plain-Text Password Storage Vulnerability in PowerStore T environments. A locally authenticated attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with privileges of the compromised account.
CVE-2020-35170
via "National Vulnerability Database".
Dell EMC Unisphere for PowerMax versions prior to 9.1.0.9, Dell EMC Unisphere for PowerMax versions prior to 9.0.2.16, and Dell EMC PowerMax OS 5978.221.221 and 5978.479.479 contain a Cross-Site Scripting (XSS) vulnerability. An authenticated malicious user may potentially exploit this vulnerability to inject JavaScript code and affect other authenticated users' sessions.
CVE-2020-23249
via "National Vulnerability Database".
GigaVUE-OS (GVOS) 5.4 - 5.9 stores a Redis database password in plaintext.
CVE-2020-36051
via "National Vulnerability Database".
Directory traversal vulnerability in page_edit.php in MiniCMS V1.10 allows remote attackers to read arbitrary files via the state parameter.
CVE-2020-36066
via "National Vulnerability Database".
GJSON <1.6.5 allows attackers to cause a denial of service (remote) via crafted JSON.
CVE-2020-36052
via "National Vulnerability Database".
Directory traversal vulnerability in post-edit.php in MiniCMS V1.10 allows remote attackers to include and execute arbitrary files via the state parameter.
CVE-2020-29501
via "National Vulnerability Database".
Dell EMC PowerStore versions prior to 1.0.3.0.5.007 contain a Plain-Text Password Storage Vulnerability in PowerStore X & T environments. A locally authenticated attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with privileges of the compromised account.
CVE-2020-29490
via "National Vulnerability Database".
Dell EMC Unity, Unity XT, and UnityVSA versions prior to 5.0.4.0.5.012 contain a Denial of Service vulnerability on NAS Servers with NFS exports. A remote authenticated attacker could potentially exploit this vulnerability and cause Denial of Service (Storage Processor Panic) by sending specially crafted UDP requests.
CVE-2019-20484
via "National Vulnerability Database".
An issue was discovered in Viki Vera 4.9.1.26180. A user without access to a project could download or upload project files by opening the Project URL directly in the browser after logging in.
CVE-2020-26181
via "National Vulnerability Database".
Dell EMC Isilon OneFS versions 8.1 and later and Dell EMC PowerScale OneFS version 9.0.0 contain a privilege escalation vulnerability on a SmartLock Compliance mode cluster. The compadmin user connecting using ISI_PRIV_LOGIN_SSH or ISI_PRIV_LOGIN_CONSOLE can elevate privileges to the root user if they have ISI_PRIV_HARDENING privileges.
CVE-2020-29489
via "National Vulnerability Database".
Dell EMC Unity, Unity XT, and UnityVSA versions prior to 5.0.4.0.5.012 contain a plain-text password storage vulnerability. A user's password (including that of the Unisphere admin privilege user) is stored in plain text in a system file. A local authenticated attacker with access to the system files may use the exposed password to gain access with the privileges of the compromised user.
CVE-2020-36067
via "National Vulnerability Database".
GJSON <=v1.6.5 allows attackers to cause a denial of service (panic: runtime error: slice bounds out of range) via a crafted GET call.
CVE-2020-29437
via "National Vulnerability Database".
SQL injection in the Buzz module of OrangeHRM through 4.6 allows remote authenticated attackers to execute arbitrary SQL commands via the orangehrmBuzzPlugin/lib/dao/BuzzDao.php loadMorePostsForm[profileUserId] parameter to the buzz/loadMoreProfile endpoint.
CVE-2019-20483
via "National Vulnerability Database".
An issue was discovered in Viki Vera 4.9.1.26180. An attacker could set a user's last name to an XSS payload, read another user's cookie, and use that to log in to the application.
CVE-2020-26199
via "National Vulnerability Database".
Dell EMC Unity, Unity XT, and UnityVSA versions prior to 5.0.4.0.5.012 contain a plain-text password storage vulnerability. A user's password (including that of the Unisphere admin privilege user) is stored in plain text in multiple log files. A local authenticated attacker with access to the log files may use the exposed password to gain access with the privileges of the compromised user.
CVE-2020-29502
via "National Vulnerability Database".
Dell EMC PowerStore versions prior to 1.0.3.0.5.007 contain a Plain-Text Password Storage Vulnerability in PowerStore X & T environments. A locally authenticated attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with privileges of the compromised account.
CVE-2020-23250
via "National Vulnerability Database".
GigaVUE-OS (GVOS) 5.4 - 5.9 uses a weak algorithm for a hash stored in an internal database.
CVE-2020-7336
via "National Vulnerability Database".
Cross Site Request Forgery vulnerability in McAfee Network Security Management (NSM) prior to 10.1.7.35 and NSM 9.x prior to 9.2.9.55 may allow an attacker to change the configuration of the Network Security Manager via a carefully crafted HTTP request.
CVE-2021-3026
via "National Vulnerability Database".
Invision Community IPS Community Suite before 4.5.4.2 allows XSS during the quoting of a post or comment.
Feds Pinpoint Russia as 'Likely' Culprit Behind SolarWinds Attack
via "Threat Post".
The widespread compromise affecting key government agencies is ongoing, according to the U.S. government.