βΌ CVE-2021-3121 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in GoGo Protobuf before 1.3.2. plugin/unmarshal/unmarshal.go lacks certain index validation, aka the "skippy peanut butter" issue.π Read
via "National Vulnerability Database".
βΌ CVE-2020-13922 βΌ
π Read
via "National Vulnerability Database".
Versions of Apache DolphinScheduler prior to 1.3.2 allowed an ordinary user under any tenant to override another users password through the API interface.π Read
via "National Vulnerability Database".
βΌ CVE-2020-17508 βΌ
π Read
via "National Vulnerability Database".
The ESI plugin in Apache Traffic Server 6.0.0 to 6.2.3, 7.0.0 to 7.1.11, and 8.0.0 to 8.1.0 has a memory disclosure vulnerability. If you are running the plugin please upgrade to 7.1.12 or 8.1.1 or later.π Read
via "National Vulnerability Database".
βΌ CVE-2021-3118 βΌ
π Read
via "National Vulnerability Database".
** UNSUPPORTED WHEN ASSIGNED ** EVOLUCARE ECSIMAGING (aka ECS Imaging) through 6.21.5 has multiple SQL Injection issues in the login form and the password-forgotten form (such as /req_password_user.php?email=). This allows an attacker to steal data in the database and obtain access to the application. (The database component runs as root.) NOTE: This vulnerability only affects products that are no longer supported by the maintainer.π Read
via "National Vulnerability Database".
βΌ CVE-2020-11995 βΌ
π Read
via "National Vulnerability Database".
A deserialization vulnerability existed in dubbo 2.7.5 and its earlier versions, which could lead to malicious code execution. Most Dubbo users use Hessian2 as the default serialization/deserialization protool, during Hessian2 deserializing the HashMap object, some functions in the classes stored in HasMap will be executed after a series of program calls, however, those special functions may cause remote command execution. For example, the hashCode() function of the EqualsBean class in rome-1.7.0.jar will cause the remotely load malicious classes and execute malicious code by constructing a malicious request. This issue was fixed in Apache Dubbo 2.6.9 and 2.7.8.π Read
via "National Vulnerability Database".
π¦Ώ CES 2021: All of the business tech news you need to know π¦Ώ
π Read
via "Tech Republic".
Don't miss TechRepublic's CES 2021 coverage, which includes product announcements from Lenovo, Samsung, LG, and Dell about PCs, laptops, software, robots, monitors, and TVs.π Read
via "Tech Republic".
TechRepublic
CES 2021: All of the business tech news you need to know
Don't miss TechRepublic's CES 2021 coverage, which includes product announcements from Lenovo, Samsung, LG, and Dell about PCs, laptops, software, robots, monitors, and TVs.
β Google Titan security keys hacked by French researchers β
π Read
via "Naked Security".
Researchers can now made software copies of Google's "unclonable" Titan security keys - but not yet undetectably.π Read
via "Naked Security".
Naked Security
Google Titan security keys hacked by French researchers
Researchers can now made software copies of Googleβs βunclonableβ Titan security keys β but not yet undetectably.
π¦Ώ CES 2021: All of the business tech news you need to know π¦Ώ
π Read
via "Tech Republic".
Don't miss TechRepublic's CES 2021 coverage, which includes product announcements from Lenovo, Samsung, LG, and Dell about PCs, laptops, software, robots, monitors, and TVs.π Read
via "Tech Republic".
TechRepublic
CES 2021: All of the business tech news you need to know
Don't miss TechRepublic's CES 2021 coverage, which includes product announcements from Lenovo, Samsung, LG, and Dell about PCs, laptops, software, robots, monitors, and TVs.
π jSQL Injection 0.83 Source Code Release π
π Read
via "Packet Storm Security".
jSQL Injection is a lightweight application used to find database information from a distant server. jSQL Injection is also part of the official penetration testing distribution Kali Linux and is included in various other distributions like Pentest Box, Parrot Security OS, ArchStrike and BlackArch Linux. This is the source code release.π Read
via "Packet Storm Security".
Packetstormsecurity
jSQL Injection 0.83 Source Code Release β Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
π Flawfinder 2.0.14 π
π Read
via "Packet Storm Security".
Flawfinder searches through source code for potential security flaws, listing potential security flaws sorted by risk, with the most potentially dangerous flaws shown first. This risk level depends not only on the function, but on the values of the parameters of the function.π Read
via "Packet Storm Security".
Packetstormsecurity
Flawfinder 2.0.14 β Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
π jSQL Injection 0.83 π
π Read
via "Packet Storm Security".
jSQL Injection is a lightweight application used to find database information from a distant server. jSQL Injection is also part of the official penetration testing distribution Kali Linux and is included in various other distributions like Pentest Box, Parrot Security OS, ArchStrike and BlackArch Linux. This is the pre-built jar release.π Read
via "Packet Storm Security".
Packetstormsecurity
jSQL Injection 0.83 β Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
β SolarWinds Hack Potentially Linked to Turla APT β
π Read
via "Threat Post".
Researchers have spotted notable code overlap between the Sunburst backdoor and a known Turla weapon.π Read
via "Threat Post".
Threat Post
SolarWinds Hack Potentially Linked to Turla APT
Researchers have spotted notable code overlap between the Sunburst backdoor and a known Turla weapon.
β Naked Security Live β HTTPS: do we REALLY need it? β
π Read
via "Naked Security".
Here's the latest Naked Security Live video talk - watch now, and please share with your friends!π Read
via "Naked Security".
Naked Security
Naked Security Live β HTTPS: do we REALLY need it?
Hereβs the latest Naked Security Live video talk β watch now, and please share with your friends!
β Researcher Builds Parler Archive Amid Amazon Suspension β
π Read
via "Threat Post".
A researcher scraped and archived public Parler posts before the conservative social networking service was taken down by Amazon, Apple and Google.π Read
via "Threat Post".
Threat Post
Researcher Builds Parler Archive Amid Amazon Suspension
A researcher scraped and archived public Parler posts before the conservative social networking service was taken down by Amazon, Apple and Google.
βΌ CVE-2020-24027 βΌ
π Read
via "National Vulnerability Database".
In Live Networks, Inc., liblivemedia version 20200625, there is a potential buffer overflow bug in the server handling of a RTSP "PLAY" command, when the command specifies seeking by absolute time.π Read
via "National Vulnerability Database".
βΌ CVE-2020-24025 βΌ
π Read
via "National Vulnerability Database".
Certificate validation in node-sass 2.0.0 to 4.14.1 is disabled when requesting binaries even if the user is not specifying an alternative download path.π Read
via "National Vulnerability Database".
βΌ CVE-2020-13559 βΌ
π Read
via "National Vulnerability Database".
A denial-of-service vulnerability exists in the traffic-logging functionality of FreyrSCADA IEC-60879-5-104 Server Simulator 21.04.028. A specially crafted packet can lead to denial of service. An attacker can send a malicious packet to trigger this vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2020-23631 βΌ
π Read
via "National Vulnerability Database".
Cross-site request forgery (CSRF) in admin/global/manage.php in WDJA CMS 1.5 allows remote attackers to conduct cross-site scripting (XSS) attacks via the tongji parameter.π Read
via "National Vulnerability Database".
βΌ CVE-2020-26298 βΌ
π Read
via "National Vulnerability Database".
Redcarpet is a Ruby library for Markdown processing. In Redcarpet before version 3.5.1, there is an injection vulnerability which can enable a cross-site scripting attack. In affected versions no HTML escaping was being performed when processing quotes. This applies even when the `:escape_html` option was being used. This is fixed in version 3.5.1 by the referenced commit.π Read
via "National Vulnerability Database".
β Millions of Social Profiles Leaked by Chinese Data-Scrapers β
π Read
via "Threat Post".
A cloud misconfig by SocialArks exposed 318 million records gleaned from Facebook, Instagram and LinkedIn.π Read
via "Threat Post".
Threat Post
Millions of Social Profiles Leaked by Chinese Data-Scrapers
A cloud misconfig by SocialArks exposed 318 million records gleaned from Facebook, Instagram and LinkedIn.
π¦Ώ CES 2021: All of the business tech news you need to know π¦Ώ
π Read
via "Tech Republic".
Don't miss TechRepublic's CES 2021 coverage, which includes product announcements from Lenovo, Samsung, LG, and Dell about PCs, laptops, software, robots, monitors, and TVs.π Read
via "Tech Republic".
TechRepublic
CES 2021: All of the business tech news you need to know
Don't miss TechRepublic's CES 2021 coverage, which includes product announcements from Lenovo, Samsung, LG, and Dell about PCs, laptops, software, robots, monitors, and TVs.