‼ CVE-2020-27852 ‼
via "National Vulnerability Database".
A stored Cross-Site Scripting (XSS) vulnerability in the survey feature in Rocketgenius Gravity Forms before 2.4.21 allows remote attackers to inject arbitrary web script or HTML via a textarea field. This code is interpreted by users in a privileged role (Administrator, Editor, etc.).
‼ CVE-2020-19360 ‼
via "National Vulnerability Database".
Local file inclusion in FHEM 6.0 via the file parameter of fhem/FileLog_logWrapper can allow an attacker to include a file, which can lead to sensitive information disclosure.
‼ CVE-2020-25385 ‼
via "National Vulnerability Database".
Nagios Log Server 2.1.7 contains a cross-site scripting (XSS) vulnerability in /nagioslogserver/configure/create_snapshot through the snapshot_name parameter, which may impact users who open a maliciously crafted link or third-party web page.
🕴 Tips for a Bulletproof War Room Strategy 🕴
via "Dark Reading".
The techniques used in real-world combat apply in cybersecurity operations, except that instead of bullets flying downrange, it's packets.
‼ CVE-2021-3110 ‼
via "National Vulnerability Database".
The store system in PrestaShop 1.7.7.0 allows time-based boolean SQL injection via the module=productcomments controller=CommentGrade id_products[] parameter.
‼ CVE-2020-35217 ‼
via "National Vulnerability Database".
Vert.x-Web framework v4.0 milestone 1-4 does not perform a correct CSRF verification. Instead of comparing the CSRF token in the request with the CSRF token in the cookie, it compares the CSRF token in the cookie against a CSRF token that is stored in the session. An attacker does not even need to provide a CSRF token in the request because the framework does not consider it. The cookies are automatically sent by the browser and the verification will always succeed, leading to a successful CSRF attack.
‼ CVE-2021-23326 ‼
via "National Vulnerability Database".
This affects the package @graphql-tools/git-loader before 6.2.6. The use of exec and execSync in packages/loaders/git/src/load-git.ts allows arbitrary command injection.
❌ Google Research Pinpoints Security Soft Spot in Multiple Chat Platforms ❌
via "Threat Post".
Mystery of spying using popular chat apps uncovered by Google Project Zero researcher.
🦿 Are you more likely to be murdered IRL or hacked online? The existential question of our times has been answered 🦿
via "Tech Republic".
Atlas VPN drills down into a Gallup poll to understand Americans' perceived threat level. It turns out 55% are more worried about cyberattacks.
❌ Investment Scammers Prey on Dating App Users, Interpol Warns ❌
via "Threat Post".
Users of dating apps - like Tinder, Match and Bumble - should be on the lookout for investment-fraud scammers.
‼ CVE-2020-4887 ‼
via "National Vulnerability Database".
IBM AIX 7.1, 7.2 and AIX VIOS 3.1 could allow a local user to exploit a vulnerability in the gencore user command to create arbitrary files in any directory. IBM X-Force ID: 190911.
‼ CVE-2021-2092 ‼
via "National Vulnerability Database".
Vulnerability in the Oracle CRM Technical Foundation product of Oracle E-Business Suite (component: Preferences). Supported versions that are affected are 12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle CRM Technical Foundation. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle CRM Technical Foundation, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle CRM Technical Foundation accessible data as well as unauthorized update, insert or delete access to some of Oracle CRM Technical Foundation accessible data. CVSS 3.1 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N).
‼ CVE-2020-4983 ‼
via "National Vulnerability Database".
IBM Spectrum LSF 10.1 and IBM Spectrum LSF Suite 10.2 could allow a user on the local network who has privileges to submit LSF jobs to execute arbitrary commands. IBM X-Force ID: 192586.
‼ CVE-2021-1998 ‼
via "National Vulnerability Database".
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. CVSS 3.1 Base Score 3.8 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:L).
‼ CVE-2021-2101 ‼
via "National Vulnerability Database".
Vulnerability in the Oracle One-to-One Fulfillment product of Oracle E-Business Suite (component: Print Server). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle One-to-One Fulfillment. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle One-to-One Fulfillment accessible data as well as unauthorized access to critical data or complete access to all Oracle One-to-One Fulfillment accessible data. CVSS 3.1 Base Score 9.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N).
‼ CVE-2020-35272 ‼
via "National Vulnerability Database".
Employee Performance Evaluation System in PHP/MySQLi with Source Code 1.0 is affected by cross-site scripting (XSS) in the Admin Portal in the Task and Description fields.
‼ CVE-2021-2034 ‼
via "National Vulnerability Database".
Vulnerability in the Oracle Common Applications Calendar product of Oracle E-Business Suite (component: Tasks). Supported versions that are affected are 12.1.1-12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Common Applications Calendar. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Common Applications Calendar, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Common Applications Calendar accessible data as well as unauthorized update, insert or delete access to some of Oracle Common Applications Calendar accessible data. CVSS 3.1 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N).
‼ CVE-2021-2029 ‼
via "National Vulnerability Database".
Vulnerability in the Oracle Scripting product of Oracle E-Business Suite (component: Miscellaneous). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.8. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Scripting. Successful attacks of this vulnerability can result in takeover of Oracle Scripting. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
‼ CVE-2021-2027 ‼
via "National Vulnerability Database".
Vulnerability in the Oracle Marketing product of Oracle E-Business Suite (component: Marketing Administration). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Marketing. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Marketing, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Marketing accessible data as well as unauthorized update, insert or delete access to some of Oracle Marketing accessible data. CVSS 3.1 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N).
‼ CVE-2021-2024 ‼
via "National Vulnerability Database".
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.22 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
‼ CVE-2021-2028 ‼
via "National Vulnerability Database".
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).