‼ CVE-2020-36174 ‼
via "National Vulnerability Database".
The Ninja Forms plugin before 3.4.27.1 for WordPress allows CSRF via services integration.
‼ CVE-2020-27285 ‼
via "National Vulnerability Database".
The default configuration of Crimson 3.1 (Build versions prior to 3119.001) allows a user to be able to read and modify the database without authentication.
‼ CVE-2020-36172 ‼
via "National Vulnerability Database".
The Advanced Custom Fields plugin before 5.8.12 for WordPress mishandles the escaping of strings in Select2 dropdowns, potentially leading to XSS.
‼ CVE-2020-36175 ‼
via "National Vulnerability Database".
The Ninja Forms plugin before 3.4.27.1 for WordPress allows attackers to bypass validation via the email field.
‼ CVE-2020-36173 ‼
via "National Vulnerability Database".
The Ninja Forms plugin before 3.4.28 for WordPress lacks escaping for submissions-table fields.
‼ CVE-2020-8160 ‼
via "National Vulnerability Database".
MendixSSO <= 2.1.1 contains endpoints that make use of the openid handler, which is suffering from a Cross-Site Scripting vulnerability via the URL path. This is caused by the reflection of user-supplied data without appropriate HTML escaping or output encoding. As a result, a JavaScript payload may be injected into the above endpoint causing it to be executed within the context of the victim's browser.
‼ CVE-2020-36176 ‼
via "National Vulnerability Database".
The iThemes Security (formerly Better WP Security) plugin before 7.7.0 for WordPress does not enforce a new-password requirement for an existing account until the second login occurs.
‼ CVE-2020-36177 ‼
via "National Vulnerability Database".
RsaPad_PSS in wolfcrypt/src/rsa.c in wolfSSL before 4.6.0 has an out-of-bounds write for certain relationships between key size and digest size.
‼ CVE-2012-10001 ‼
via "National Vulnerability Database".
The Limit Login Attempts plugin before 1.7.1 for WordPress does not clear auth cookies upon a lockout, which might make it easier for remote attackers to conduct brute-force authentication attempts.
‼ CVE-2020-36171 ‼
via "National Vulnerability Database".
The Elementor Website Builder plugin before 3.0.14 for WordPress does not properly restrict SVG uploads.
‼ CVE-2020-27279 ‼
via "National Vulnerability Database".
A NULL pointer dereference vulnerability has been identified in the protocol converter. An attacker could send a specially crafted packet that could reboot the device running Crimson 3.1 (Build versions prior to 3119.001).
⚠ Zyxel hardcoded admin password found – patch now! ⚠
via "Naked Security".
Hardcoded passwords are always wrong - they are equivalent to implanting a global backdoor and hoping no one will find it.
🦿 Linux: How to create a new user with admin privileges 🦿
via "Tech Republic".
Adding a user with admin privileges on Linux is easier than you think. Jack Wallen shows you how.
🔏 NSA Provides Direction on Eliminating Obsolete Encryption Protocols 🔏
via "Digital Guardian".
Moving on from old, out-of-date encryption protocols can protect sensitive and valuable data from being accessed by adversaries, the NSA reiterated this week.
‼ CVE-2020-5105 ‼
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none.
‼ CVE-2020-5106 ‼
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none.
‼ CVE-2019-16962 ‼
via "National Vulnerability Database".
Zoho ManageEngine Desktop Central 10.0.430 allows HTML injection via a modified Report Name in a New Custom Report.
‼ CVE-2020-5104 ‼
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none.
‼ CVE-2020-5102 ‼
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none.
‼ CVE-2019-16954 ‼
via "National Vulnerability Database".
SolarWinds Web Help Desk 12.7.0 allows HTML injection via a Comment in a Help Request ticket.
‼ CVE-2020-5103 ‼
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none.