‼ CVE-2020-6572 ‼
📖 Read
via "National Vulnerability Database".
Use after free in Media in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to execute arbitrary code via a crafted HTML page.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-16046 ‼
📖 Read
via "National Vulnerability Database".
Script injection in iOSWeb in Google Chrome on iOS prior to 84.0.4147.105 allowed a remote attacker to execute arbitrary code via a crafted HTML page.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-29495 ‼
📖 Read
via "National Vulnerability Database".
DELL EMC Avamar Server, versions 19.1, 19.2, 19.3, contain an OS Command Injection Vulnerability in Fitness Analyzer. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS with high privileges. This vulnerability is considered critical as it can be leveraged to completely compromise the vulnerable application as well as the underlying operating system. Dell recommends customers to upgrade at the earliest opportunity.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-16045 ‼
📖 Read
via "National Vulnerability Database".
Use after Free in Payments in Google Chrome on Android prior to 87.0.4280.66 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.📖 Read
via "National Vulnerability Database".
🕴 Shifting Privacy Landscape, Disruptive Technologies Will Test Businesses 🕴
📖 Read
via "Dark Reading".
A new machine learning tool aims to mine privacy policies on behalf of users.📖 Read
via "Dark Reading".
Dark Reading
Shifting Privacy Landscape, Disruptive Technologies Will Test Businesses
A new machine learning tool aims to mine privacy policies on behalf of users.
‼ CVE-2020-27219 ‼
📖 Read
via "National Vulnerability Database".
In all version of Eclipse Hawkbit prior to 0.3.0M7, the HTTP 404 (Not Found) JSON response body returned by the REST API may contain unsafe characters within the path attribute. Sending a POST request to a non existing resource will return the full path from the given URL unescaped to the client.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-27220 ‼
📖 Read
via "National Vulnerability Database".
The Eclipse Hono AMQP and MQTT protocol adapters do not check whether an authenticated gateway device is authorized to receive command & control messages when it has subscribed only to commands for a specific device. The missing check involves verifying that the command target device is configured giving permission for the gateway device to act on its behalf. This means an authenticated device of a certain tenant, notably also a non-gateway device acting like a gateway, may receive command & control messages targeted at a different device of the same tenant without corresponding permissions getting checked.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-35581 ‼
📖 Read
via "National Vulnerability Database".
A stored cross-site scripting (XSS) issue in Envira Gallery Lite before 1.8.3.3 allows remote attackers to inject arbitrary JavaScript/HTML code via a POST /wp-admin/admin-ajax.php request with the meta[title] parameter.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-23836 ‼
📖 Read
via "National Vulnerability Database".
An issue was discovered in flatCore before 2.0.0 build 139. A stored XSS vulnerability was identified in the prefs_smtp_psw HTTP request body parameter for the acp interface. An admin user can inject malicious client-side script into the affected parameter without any form of input sanitization. The injected payload will be executed in the browser of a user whenever one visits the affected module page.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-23835 ‼
📖 Read
via "National Vulnerability Database".
An issue was discovered in flatCore before 2.0.0 build 139. A local file disclosure vulnerability was identified in the docs_file HTTP request body parameter for the acp interface. This can be exploited with admin access rights. The affected parameter (which retrieves the contents of the specified file) was found to be accepting malicious user input without proper sanitization, thus leading to retrieval of backend server sensitive files, e.g., /etc/passwd, SQLite database files, PHP source code, etc.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-23838 ‼
📖 Read
via "National Vulnerability Database".
An issue was discovered in flatCore before 2.0.0 build 139. A reflected XSS vulnerability was identified in the media_filter HTTP request body parameter for the acp interface. The affected parameter accepts malicious client-side script without proper input sanitization. For example, a malicious user can leverage this vulnerability to steal cookies from a victim user and perform a session-hijacking attack, which may then lead to unauthorized access to the site.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-35582 ‼
📖 Read
via "National Vulnerability Database".
A stored cross-site scripting (XSS) issue in Envira Gallery Lite before 1.8.3.3 allows remote attackers to inject arbitrary JavaScript/HTML code via a POST /wp-admin/post.php request with the post_title parameter.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-23837 ‼
📖 Read
via "National Vulnerability Database".
An issue was discovered in flatCore before 2.0.0 build 139. A time-based blind SQL injection was identified in the selected_folder HTTP request body parameter for the acp interface. The affected parameter (which retrieves the file contents of the specified folder) was found to be accepting malicious user input without proper sanitization, thus leading to SQL injection. Database related information can be successfully retrieved.📖 Read
via "National Vulnerability Database".
🕴 Name That Toon: Before I Go ... 🕴
📖 Read
via "Dark Reading".
Feeling creative? Submit your caption in the comments, and our panel of experts will reward the winner with a $25 Amazon gift card.📖 Read
via "Dark Reading".
Dark Reading
Name That Toon: Before I Go ...
Feeling creative? Submit your caption in the comments, and our panel of experts will reward the winner with a $25 Amazon gift card.
🕴 How to Achieve Collaboration Tool Compliance 🕴
📖 Read
via "Dark Reading".
Organizations must fully understand the regulatory guidance on collaboration security and privacy so they can continue to implement and expand their use of tools such as Zoom and Teams.📖 Read
via "Dark Reading".
Dark Reading
How to Achieve Collaboration Tool Compliance - Dark Reading
Organizations must fully understand the regulatory guidance on collaboration security and privacy so they can continue to implement and expand their use of tools such as Zoom and Teams.
🔏 Friday Five 1/15 🔏
📖 Read
via "Digital Guardian".
Deepfakes, ransomware tactics, and Signal clones - catch up on all of the week's infosec news with the Friday Five!📖 Read
via "Digital Guardian".
Digital Guardian
Friday Five 1/15
Deepfakes, ransomware tactics, and Signal clones - catch up on all of the week's infosec news with the Friday Five!
🛠 WhatWeb Scanner 0.5.5 🛠
📖 Read
via "Packet Storm Security".
WhatWeb is a next-generation web scanner. WhatWeb recognizes web technologies including content management systems (CMS), blogging platforms, statistic/analytics packages, JavaScript libraries, web servers, and embedded devices. WhatWeb has over 1800 plugins, each to recognize something different. WhatWeb also identifies version numbers, email addresses, account IDs, web framework modules, SQL errors, and more. WhatWeb supports an aggression level to control the trade off between speed and reliability.📖 Read
via "Packet Storm Security".
Packetstormsecurity
WhatWeb Scanner 0.5.5 ≈ Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
‼ CVE-2019-16961 ‼
📖 Read
via "National Vulnerability Database".
SolarWinds Web Help Desk 12.7.0 allows XSS via a Schedule Name.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-35733 ‼
📖 Read
via "National Vulnerability Database".
An issue was discovered in Erlang/OTP before 23.2.2. The ssl application 10.2 accepts and trusts an invalid X.509 certificate chain to a trusted root Certification Authority.📖 Read
via "National Vulnerability Database".
🦿 CES 2021: All of the business tech news you need to know 🦿
📖 Read
via "Tech Republic".
Don't miss TechRepublic's CES 2021 coverage, which includes product announcements from Lenovo, Samsung, LG, and Dell about PCs, laptops, software, robots, monitors, and TVs.📖 Read
via "Tech Republic".
TechRepublic
CES 2021: All of the business tech news you need to know
Don't miss TechRepublic's CES 2021 coverage, which includes product announcements from Lenovo, Samsung, LG, and Dell about PCs, laptops, software, robots, monitors, and TVs.